CVE-2026-10203 | OFCMS 1.1.3 JSON Query Interface SystemParamController.java query sql injection (IJLIYP)

May 31, 2026 Yanac

A vulnerability labeled as critical has been found in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection.

This vulnerability is reported as CVE-2026-10203. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More