CVE-2026-10193 | OFCMS up to 1.1.3 ComnController ComnController.java query system.user.query sql injection (IJLFCA)

SecurityVulns
Yanac

A vulnerability, which was classified as critical, has been found in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollerComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection.

This vulnerability was named CVE-2026-10193. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More