Description
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/49
Related Vulnerabilities
CVE-2022-35204 Vulnerability in npm package vite
CVE-2020-28458 Vulnerability in npm package datatables.net
CVE-2022-39312 Vulnerability in maven package io.dataease:dataease-plugin-common
CVE-2018-16485 Vulnerability in npm package m-server
CVE-2020-13921 Vulnerability in maven package org.apache.skywalking:storage-jdbc-hikaricp-plugin