Description
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
Remediation
References
https://github.com/jflyfox/jfinal_cms/issues/49
Related Vulnerabilities
CVE-2020-28282 Vulnerability in maven package org.webjars.npm:getobject
CVE-2020-7690 Vulnerability in maven package org.webjars.bowergithub.mrrio:jspdf
CVE-2022-25929 Vulnerability in npm package smoothie
CVE-2022-25898 Vulnerability in npm package jsrsasign
CVE-2021-40146 Vulnerability in maven package org.apache.any23:apache-any23-core