
OFCMS EUVD-2026-33515 | CVE-2026-10193 (LOW)
SQL Injection (CWE-89)
2026-05-31 · VulDB · GHSA-9j66-w44g-r7xq
Score: 2.1 (CVSS 4.0, NVD)

Severity by source

NVD (primary): 2.1 LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

  Attack Vector:       Network
  Attack Complexity:   Low
  Privileges Required: Low
  User Interaction:    None
  Scope:               X

Lifecycle Timeline (3 events)

  Severity Changed    May 31, 2026 17:22  NVD         MEDIUM → LOW
  CVSS changed        May 31, 2026 17:22  NVD         6.3 (MEDIUM) → 2.1 (LOW)
  Analysis Generated  May 31, 2026 16:51  vuln.today

Description (CVE.org)

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

SQL injection in OFCMS versions up to 1.1.3 allows remote low-privileged attackers to inject arbitrary SQL through the system.user.query argument within the ComnController.Query function, achieving partial compromise of confidentiality, integrity, and availability against the underlying database. Publicly available exploit code exists (referenced via Gitee issue IJLFCA), elevating practical risk above what the moderate CVSS base score of 6.3 alone suggests. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

  Access:    Acquire low-privileged OFCMS admin credentials
  Delivery:  Send crafted HTTP request to ComnController
  Exploit:   Inject SQL payload via system.user.query parameter
  Execution: Database query executes attacker-controlled SQL
  Impact:    Exfiltrate or modify database records

Vulnerability Assessment (AI)

Exploitation: Exploitation requires possession of at least one valid low-privileged OFCMS administrative account, as indicated by the CVSS PR:L vector; completely unauthenticated exploitation is not supported by available data. …

Risk Assessment: The CVSS 3.1 base score of 6.3 reflects network-accessible (AV:N), low-complexity (AC:L) exploitation requiring a low-privilege account (PR:L) with partial and symmetric CIA impact (C:L/I:L/A:L) and unchanged scope (S:U). …

Exploit Scenario: An attacker who has obtained or brute-forced a low-privileged OFCMS admin account sends a crafted HTTP request to the ComnController query endpoint with a SQL injection payload embedded in the system.user.query parameter, extracting database records such as user credential hashes or sensitive CMS configuration. Because a public POC is available via Gitee issue IJLFCA, the technical barrier to replication is minimal for any actor who clears the credential prerequisite. …

Remediation: No vendor-released patch has been identified at the time of analysis; the project maintainer has not responded to the responsible disclosure, as indicated by RL:X in the CVSS temporal vector. …


EUVD-2026-33515 vulnerability details – vuln.today
