Description
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/48
Related Vulnerabilities
CVE-2022-23540 Vulnerability in maven package org.webjars.npm:jsonwebtoken
CVE-2018-3715 Vulnerability in npm package glance
CVE-2021-21181 Vulnerability in maven package org.webjars.npm:electron
CVE-2023-38507 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2020-13445 Vulnerability in maven package com.liferay:com.liferay.portal.template.velocity