Improper access control in Jfinal CMS 5.1.0 allows malicious users to access sensitive information via /classes/conf/db.properties&config=filemanager.config.js.
jflyfox jfinal cms 5.1.0