JFinal CMS v5.1.0 exists to contain a SQL injection vulnerability via /system/user.
jflyfox jfinal cms 5.1.0