CVE-2026-10204 – OFCMS JSON Query SysUserController.java query sql injection

CVE ID :CVE-2026-10204

Published : June 1, 2026, 12:16 a.m. | 16 minutes ago

Description :A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-10203 – OFCMS JSON Query SystemParamController.java query sql injection

CVE-2026-10202 – OFCMS JSON Query SystemDictController.java query sql injection

CVE-2026-10201 – Assimp UV Channel FBXExporter.cpp WriteObjects divide by zero

CVE-2026-10206 – D-Link DI-8400 dbsrv.asp stack-based overflow