JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.
jflyfox jfinal cms 5.1.0