Description
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/49
Related Vulnerabilities
CVE-2020-28452 Vulnerability in maven package com.softwaremill.akka-http-session:core_2.12
CVE-2018-3767 Vulnerability in npm package memjs
CVE-2021-4278 Vulnerability in npm package tree-kit
CVE-2020-35149 Vulnerability in maven package org.webjars.npm:mquery
CVE-2022-25898 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign