PT-2025-3875 · Unknown · Liujianview Gymxmjpa

Lvzc3 · Published 2025-01-12 · Updated 2025-01-13 · CVE-2025-0404

CVSS v2.0: 6.5 Medium

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

liujianview gymxmjpa version 1.0

Description

A critical vulnerability has been found in the CoachController function of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the coachName argument leads to SQL injection. The attack can be initiated remotely. The details of the exploit are available to the public, which means it may be used by attackers.

Recommendations

As a temporary workaround, consider disabling the CoachController function until a patch is available. Restrict access to the coachName argument in the CoachController function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-0404

Affected Products

Liujianview Gymxmjpa