CVE-2026-10204 | OFCMS 1.1.3 JSON Query Interface SysUserController.java query sql injection (IJLL09)

A vulnerability marked as critical has been reported in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection.

This vulnerability appears as CVE-2026-10204. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More