CVE-2026-10193 | OFCMS up to 1.1.3 ComnController ComnController.java query system.user.query sql injection (IJLFCA)

A vulnerability, which was classified as critical, has been found in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollerComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection.

This vulnerability was named CVE-2026-10193. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10193 | OFCMS up to 1.1.3 ComnController ComnController.java query system.user.query sql injection (IJLFCA)

Post correlati

CVE-2025-13378 | Ays AI ChatBot with ChatGPT and Content Generator Plugin ays_chatgpt_pinecone_upsert server-side request forgery

CVE-2024-26029 | Adobe Experience Manager up to 6.5.20 access control (apsb24-28)

CVE-2026-23119 | Linux Kernel up to 6.18.7 bonding flow_dissector.c __skb_flow_dissect privilege escalation

CVE-2025-54636 | Huawei HarmonyOS/EMUI Kernel Drop Detection Module buffer overflow