Submission #821197: ttps://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection - Information

Title: ttps://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
Description: An SQL injection vulnerability exists in the SystemParamController.java component of ofcms v1.1.3. The vulnerability lies in the /admin/system/param/query.json interface, which is called when processing query requests using the query() method. It stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
Source: https://gitee.com/oufu/ofcms/issues/IJLIYP
User: DaytimeHeaven (UID 96977)
Submitted: 2026-05-07 05:23 (1 month ago)
Moderated: 2026-05-31 08:36 (24 days later)
Status: Accepted
VulDB entry: 367483 [OFCMS 1.1.3 JSON Query Interface SystemParamController.java query SQL injection]
Points: 20
