CVE-2026-10202 | OFCMS 1.1.3 JSON Query Interface SystemDictController.java query sql injection (IJLIBT)

A vulnerability identified as critical has been detected in OFCMS 1.1.3. This issue affects the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection.

This vulnerability is documented as CVE-2026-10202. The attack can be initiated remotely. Additionally, an exploit exists.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10202 | OFCMS 1.1.3 JSON Query Interface SystemDictController.java query sql injection (IJLIBT)

Post correlati

CVE-2024-50097 | Linux Kernel up to 6.6.56/6.11.3/6.12-rc1 fec_ptp_init initialization (7745e14f4c03/3192e8d4a1ef/6be063071a45)

CVE-2025-54388 | Moby up to 28.3.2 Firewalld Service initialization of resource

CVE-2022-32754 | IBM Security Verify Directory 10.0.0 Web UI cross site scripting (XFDB-228445)

CVE-2023-20249 | Cisco TelePresence Management Suite Web-based Management Interface cross site scripting (cisco-sa-tms-portal-xss-AXNeVg3s)