ofcms OFCMS v1.1.3 SQL Injection정보

제목	https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
설명	The ComnController component in ofcms v1.1.3 contains an SQL injection vulnerability when using the query() method to handle general query requests. This vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
원천	⚠️ https://gitee.com/oufu/ofcms/issues/IJLFCA
사용자	DaytimeHeaven (UID 96977)
제출	2026. 05. 06. PM 06:03 (1 월 ago)
모더레이션	2026. 05. 30. PM 07:58 (24 days later)
상태	수락
VulDB 항목	367474 [OFCMS 까지 1.1.3 ComnController ComnController.java query system.user.query SQL 주입]
포인트들	20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!