Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote malicious user to execute arbitrary code via the template function.
jfinal jfinal 4.9.08