An issue exists in OFCMS prior to 1.1.3. It allows SQL injection via admin/system/generate/create?sql=, related to SystemGenerateController.java.