Submission #821697: https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection

Title: https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
Description: An SQL injection vulnerability exists in the SysUserController.java component of ofcms v1.1.3. This vulnerability lies in the /admin/system/user/getData.json interface, which is called when processing query requests using the query() method. The vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
Source: ⚠️ https://gitee.com/oufu/ofcms/issues/IJLL09
User: DaytimeHeaven (UID 96977)
Submitted: 2026-05-07 08:42 AM (29 days ago)
Moderation: 2026-05-31 08:36 AM (24 days later)
Status: Accepted
VulDB entry: 367484 [OFCMS 1.1.3 JSON Query Interface SysUserController.java query SQL injection]
Points: 20
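
An ORDER BY target cannot be bound as a prepared-statement parameter, so the usual mitigation for the flaw described above is to map the request value onto a fixed set of column names. The following is an added example, not code from OFCMS or from the submission; the class name, the column names and the direction parameter are assumptions made for illustration.

```java
import java.util.Map;

public final class OrderByAllowlist {
    // Hypothetical allowlist: request value -> real column name.
    // These column names are constructed, not taken from the OFCMS schema.
    private static final Map<String, String> SORTABLE = Map.of(
            "id", "user_id",
            "name", "user_name",
            "created", "create_time");

    // Builds the ORDER BY fragment from untrusted input. Only strings held in
    // the allowlist ever reach the SQL text; anything else is rejected.
    static String orderByClause(String field, String direction) {
        // Map.of(...) maps reject a null key, so normalise null first.
        String column = SORTABLE.get(field == null ? "" : field);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort field");
        }
        // The direction is reduced to one of two fixed keywords.
        String dir = "desc".equalsIgnoreCase(direction) ? "DESC" : "ASC";
        return " ORDER BY " + column + " " + dir;
    }

    public static void main(String[] args) {
        // A legitimate request value resolves to a known column.
        System.out.println(orderByClause("name", "desc"));

        // Constructed sample: an SQL expression supplied where a column name
        // is expected. It is not in the allowlist, so no SQL is built from it.
        String expression = "(CASE WHEN 1=1 THEN user_id ELSE user_name END)";
        try {
            System.out.println(orderByClause(expression, "asc"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting instead of silently falling back to a default column also gives the application a point at which to log unexpected sort values.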
