JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.
jflyfox jfinal cms 5.1.0