A weakness has been identified in OFCMS 1.1.3
A SQL injection vulnerability exists in the Query function of the SysUserController class in OFCMS 1.1.3, which can be exploited by manipulating JSON query interface data. This can lead to unauthorized data access or modification. The vulnerability can be triggered remotely.
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
OFCMS 1.1.3 users are at medium risk of unauthorized data access or modification via remotely triggered SQL injection exploits.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
0
Affected Products
5
References
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability
Impact