JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollpicture/list.
jflyfox jfinal cms 5.1.0