| शीर्षक | https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection |
|---|
| विवरण | The ComnController component in ofcms v1.1.3 contains an SQL injection vulnerability when using the query() method to handle general query requests. This vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic). |
|---|
| स्रोत | ⚠️ https://gitee.com/oufu/ofcms/issues/IJLFCA |
|---|
| उपयोगकर्ता | DaytimeHeaven (UID 96977) |
|---|
| सबमिशन | 06/05/2026 06:03 PM (29 दिन पहले) |
|---|
| संयम | 30/05/2026 07:58 PM (24 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367474 [OFCMS तक 1.1.3 ComnController ComnController.java query system.user.query SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|