Submit #821181: https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection

Title: https://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
Description: An SQL injection vulnerability exists in the SystemDictController.java component of ofcms v1.1.3. This vulnerability lies in the /admin/system/dict/query.json interface, which is called when processing query requests using the query() method. The vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
Source: ⚠️ https://gitee.com/oufu/ofcms/issues/IJLIBT
User: DaytimeHeaven (UID 96977)
Submission: 07/05/2026 04:45 (28 days ago)
Moderation: 31/05/2026 08:33 (24 days later)
Status: Accepted
VulDB entry: 367482 [OFCMS 1.1.3 JSON Query Interface SystemDictController.java query SQL injection]
Points: 20
