CVE-2026-10204 | OFCMS 1.1.3 JSON Query Interface SysUserController.java query sql injection (IJLL09)

A vulnerability marked as critical has been reported in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection.

This vulnerability appears as CVE-2026-10204. The attack may be initiated remotely. In addition, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10204 | OFCMS 1.1.3 JSON Query Interface SysUserController.java query sql injection (IJLL09)

Post correlati

CVE-2024-56339 | IBM WebSphere Application Server trusting http permission methods on the server side

CVE-2024-51487 | Ampache up to 7.0.0 Request cross-site request forgery

CVE-2024-52330 | ECOVACS DEEBOT T10 Firmware Update certificate validation

CVE-2024-2688 | wpdevteam EmbedPress Plugin up to 3.9.12 on WordPress cross site scripting