CVE-2026-10193 – OFCMS ComnController ComnController.java query sql injection

CVE ID :CVE-2026-10193

Published : May 31, 2026, 4:15 p.m. | 17 minutes ago

Description :A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollerComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-10191 – Tenda W12 httpd cgiWifiMacFilterSet stack-based overflow

CVE-2026-10190 – Tenda W12 Web Management httpd cgiSysWebTimeoutSet denial of service

CVE-2026-10189 – Tenda W12 httpd cgiSysTimeInfoSet stack-based overflow

CVE-2026-10192 – Tenda W12 httpd set_local_time_0 stack-based overflow