JFinal CMS v5.1.0 exists to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
jflyfox jfinal cms 5.1.0