Description
A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-31
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Query function of OFCMS’s ComnController.java allows an attacker to manipulate the system.user.query argument, enabling SQL injection. The affected code does not properly sanitize input, resulting in the ability to inject arbitrary SQL statements. This vulnerability can compromise database confidentiality and integrity by allowing attackers to read, modify, or delete data.

Affected Systems

The issue affects any deployment of OFCMS versions up to and including 1.1.3. The vulnerable code resides in the admin controller layer of the application, which is reachable through the public web interface unless further protected.

Risk and Exploitability

The CVSS score of 5.3 suggests moderate severity. The EPSS score is not available, but public exploit code has already been released, indicating that the vulnerability is actively exploited. The flaw is remotely exploitable via HTTP requests to the admin controller, and the vulnerability is not included in the CISA KEV catalogue. Attackers can gain unauthorized data access or disrupt database integrity from afar if the endpoint remains exposed.

Generated by OpenCVE AI on May 31, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OFCMS to a version that eliminates the insecure Query implementation or apply a vendor patch once it becomes available.
  • Validate all input to system.user.query or replace the vulnerable code with parameterized queries to prevent injection.
  • Place the admin interface behind a firewall or restrict its IP range to limit remote access.

Generated by OpenCVE AI on May 31, 2026 at 17:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 31 May 2026 16:30:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Title OFCMS ComnController ComnController.java query sql injection
First Time appeared Ofcms
Ofcms ofcms
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:ofcms:ofcms:*:*:*:*:*:*:*:*
Vendors & Products Ofcms
Ofcms ofcms
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Ofcms Ofcms
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-02T14:55:21.796Z

Reserved: 2026-05-30T17:58:10.154Z

Link: CVE-2026-10193

cve-icon Vulnrichment

Updated: 2026-06-02T14:55:09.856Z

cve-icon NVD

Status : Deferred

Published: 2026-05-31T17:16:31.417

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10193

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:55:36Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')