CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

CVE-2026-10202

CVE-2026-10202 affects OFCMS 1.1.3. The vulnerability resides in the JSON Query Interface, specifically the function Query in SystemDictController.java, enabling SQL injection. The issue can be triggered remotely and a public exploit is available. Documents do not provide a remediation or patched...

CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

novel-plus SQL注入漏洞

novel-plus novel-plus is a multi-end PC, WAP reading, well-functioning original literature CMS system. A security vulnerability exists in novel-plus version 3.6.2, which stems from a problem in the file DictController.java, where the operation of the parameter orderby can lead to sql injection...