ofcms OFCMS v1.1.3 SQL Injectionthông tin

tiêu đề	ttps://gitee.com/oufu/ofcms OFCMS v1.1.3 SQL Injection
Mô tả	An SQL injection vulnerability exists in the SystemParamController.java component of ofcms v1.1.3. This vulnerability lies in the /admin/system/param/query.json interface, which is called when processing query requests using the query() method. The vulnerability stems from improper validation of the field parameter. Because this parameter is directly appended to the ORDER BY clause of the backend SQL, attackers can perform blind SQL injection by constructing complex SQL expressions (including nested subqueries and Boolean logic).
Nguồn	⚠️ https://gitee.com/oufu/ofcms/issues/IJLIYP
Người dùng	DaytimeHeaven (UID 96977)
Đệ trình	07/05/2026 05:23 (cách đây 1 tháng)
Kiểm duyệt	31/05/2026 08:36 (24 days later)
Trạng thái	được chấp nhận
Mục VulDB	367483 [OFCMS 1.1.3 JSON Query Interface SystemParamController.java query Tiêm SQL]
điểm	20

Might our Artificial Intelligence support you?

Check our Alexa App!