48 matches found
CVE-2026-62392
CVE-2026-62392 is an OS Command Injection vulnerability in Apache Kylin, affecting versions 4 through 5.0.3. The issue arises when the backend API may pass job configuration parameters to the OS command line, allowing potentially unauthorized command execution. The vulnerability is rated with hig...
CVE-2026-62147
The Tempo Operator's gateway component failed to consistently apply namespace-scoped redaction on some query API response paths when query RBAC was enabled, allowing an authenticated user to read span attributes belonging to other tenants' namespaces. Mitigation There is no mitigation or workarou...
CVE-2026-10204
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...
CVE-2026-10203
A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...
EUVD-2026-33524
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...
EUVD-2026-33525
A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...
EUVD-2026-33526
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...
CVE-2026-10202
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...
CVE-2026-10204
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...
CVE-2026-10203
A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...
OFCMS SQL注入漏洞
OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SystemParamController.java file within the JSON query interface...
CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...
CVE-2026-10204
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...
CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...
CVE-2026-10203
The report identifies CVE-2026-10203 affecting OFCMS 1.1.3. The vulnerability lies in the JSON Query Interface: the Query function in OFCMS-admin/src/main/java/com/ofsoft/cms/admin/controller/system/SystemParamController.java, which enables SQL injection. This can be triggered remotely, with publ...
CVE-2026-10203
A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched...
CVE-2026-10202
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...
CVE-2026-10202 OFCMS JSON Query SystemDictController.java query sql injection
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...
PT-2026-45219
A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated remotely. T...
PT-2026-45220
A security flaw has been discovered in OFCMS 1.1.3. Impacted is the function Query of the file ofcms-adminsrcmainjavacomofsoftcmsadmincontrollersystemSystemParamController.java of the component JSON Query Interface. The manipulation results in sql injection. The attack can be launched remotely. T...