A vulnerability identified as critical has been detected in OFCMS 1.1.3 . This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface . The manipulation leads to sql injection. This vulnerability is documented as CVE-2026-10202 . The attack can be initiated remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has n