Invia #820665: https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injectioninformazioni

Titolohttps://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
DescrizioneThe ComnController component in ofcms v1.1.3 contains an SQL injection vulnerability when using the query() method to handle general query requests. This vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
Fonte⚠️ https://gitee.com/oufu/ofcms/issues/IJLFCA
Utente
 DaytimeHeaven (UID 96977)
Sottomissione06/05/2026 18:03 (2 mesi fa)
Moderazione30/05/2026 19:58 (24 days later)
StatoAccettato
Voce VulDB367474 [OFCMS fino a 1.1.3 ComnController ComnController.java query system.user.query iniezione SQL]
Punti20

Want to know what is going to be exploited?

We predict KEV entries!