CVE-2026-10202 | OFCMS 1.1.3 JSON Query Interface SystemDictController.java query sql injection (IJLIBT)

May 31, 2026 Yanac

A vulnerability identified as critical has been detected in OFCMS 1.1.3. This issue affects the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection.

This vulnerability is documented as CVE-2026-10202. The attack can be initiated remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.VulDB Recent EntriesRead More