A vulnerability marked as critical has been reported in OFCMS 1.1.3 . The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface . This manipulation causes sql injection. This vulnerability appears as CVE-2026-10204 . The attack may be initiated remotely. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not r