Lucene search

13 matches found

Cvelist
added 4 days ago · 33 views

CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes SQL injection. The attack may be initiated...

6.5 CVSS · 0.00028 EPSS
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2023-28770

Malicious code in bioql PyPI...

8.8 CVSS · 8.6 AI score · 0.0072 EPSS
Exploits: 1 · References: 2
RedhatCVE
added 2025/05/23 6:16 a.m. · 0 views

CVE-2024-48235

An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file...

6.5 CVSS · 6.2 AI score · 0.00462 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 4:59 a.m. · 5 views

CVE-2023-51807

Cross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component...

5.4 CVSS · 6 AI score · 0.00183 EPSS
Exploits: 1
OSV
added 2025/02/22 1:15 p.m. · 0 views

CVE-2025-1557

A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used...

5.3 CVSS · 5 AI score · 0.00102 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2024/05/14 12:0 a.m. · 1 views

PT-2024-25773 · Ofcms · Ofcms

Name of the Vulnerable Software and Affected Versions: OFCMS version 1.1.2
Description: The issue allows for SQL Injection via the new table function.
Recommendations: For OFCMS version 1.1.2, update to a version that fixes this issue, however at the moment, there is no information about a newer...

9.8 CVSS · 7.2 AI score · 0.0016 EPSS
Exploits: 1 · References: 3
NVD
added 2023/03/16 2:15 a.m. · 7 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

8.8 CVSS · 8.8 AI score · 0.0072 EPSS
Exploits: 1 · References: 2
OSV
added 2023/03/16 2:15 a.m. · 0 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

8.8 CVSS · 7.3 AI score
Exploits: 0 · References: 2
Vulnrichment
added 2023/03/16 12:0 a.m. · 6 views

CVE-2023-24760

An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController...

8.8 AI score · 0.0072 EPSS
Exploits: 1 · References: 2
Prion
added 2022/06/02 2:15 p.m. · 14 views

Cross site scripting

OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json...

4.3 CVSS · 6 AI score · 0.00223 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2022/04/10 9:15 p.m. · 1 views

CVE-2022-27960

Insecure permissions configured in the userid parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information...

5.4 CVSS · 5.8 AI score
Exploits: 0 · References: 1
CNVD
added 2021/06/01 12:0 a.m. · 2 views

OFCMS v1.1.4 backend arbitrary file read vulnerability

OFCMS is a content management system developed in Java. OFCMS v1.1.4 has an arbitrary file read vulnerability in the backend. The vulnerability stems from the program failing to properly validate user data; remote attackers can use the vulnerability to read the...

7.3 AI score
Exploits: 0
OSV
added 2019/03/06 10:29 p.m. · 2 views

CVE-2019-9612

An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/comn/service/upload URI...

8.8 CVSS · 6.1 AI score · 0.02191 EPSS
Exploits: 1 · References: 1