In Jspxcms 9.0.0, a vulnerable URL routing implementation allows remote code execution after logging in as web admin.
jspxcms jspxcms 9.0.0