Soumettre #821697: https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injectioninformation

Titrehttps://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
DescriptionAn SQL injection vulnerability exists in the SysUserController.java component of ofcms v1.1.3. This vulnerability lies in the /admin/system/user/getData.json interface, which is called when processing query requests using the query() method. The vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
La source⚠️ https://gitee.com/oufu/ofcms/issues/IJLL09
Utilisateur
 DaytimeHeaven (UID 96977)
Soumission07/05/2026 08:42 (il y a 30 jours)
Modérer31/05/2026 08:36 (24 days later)
StatutAccepté
Entrée VulDB367484 [OFCMS 1.1.3 JSON Query Interface SysUserController.java query injection SQL]
Points20

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!