CVE-2026-10203 | OFCMS 1.1.3 JSON Query Interface SystemParamController.java query sql injection (IJLIYP)

Inserito da Angelo Barbosa | Mag 31, 2026 | CVE

A vulnerability labeled as critical has been found in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection.

This vulnerability is reported as CVE-2026-10203. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-10203 | OFCMS 1.1.3 JSON Query Interface SystemParamController.java query sql injection (IJLIYP)

Post correlati

CVE-2025-24826 | Acronis Snap Deploy up to 4624 on Windows default permission

CVE-2024-11282 | wpchill Passster Plugin up to 4.2.10 on WordPress Password Protect Page information disclosure

CVE-2026-9519 | stonith404 pingvin-share up to 1.13.0 Sign-in Auto-Redirect signIn.tsx getServerSideProps redirect cross site scripting

CVE-2023-21470 | Samsung Devices SLocation com.samsung.android.wifi.NETWORK_LOCATION access control