Soumettre #820665: https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injectioninformation

Titrehttps://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
DescriptionThe ComnController component in ofcms v1.1.3 contains an SQL injection vulnerability when using the query() method to handle general query requests. This vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
La source⚠️ https://gitee.com/oufu/ofcms/issues/IJLFCA
Utilisateur
 DaytimeHeaven (UID 96977)
Soumission06/05/2026 18:03 (il y a 1 mois)
Modérer30/05/2026 19:58 (24 days later)
StatutAccepté
Entrée VulDB367474 [OFCMS jusqu’à 1.1.3 ComnController ComnController.java query system.user.query injection SQL]
Points20

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!