A SQL injection vulnerability exists in OFCMS 1.1.3 within the Query function of SystemParamController.java, specifically in the JSON Query Interface component. The vulnerability allows remote attackers to manipulate SQL queries through the affected interface. The issue was reported to the project maintainers via a Gitee issue tracker entry prior to public disclosure, but no response or fix has been issue [truncated]
A SQL injection vulnerability exists in OFCMS 1.1.3 within the Query function of SystemDictController.java, affecting the JSON Query Interface. The vulnerability allows remote attackers to manipulate SQL queries through the affected component. The issue was reported to the project maintainers via Gitee but had not received a response at the time of CVE publication. The exploit is publicly available, thoug [truncated]
