An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows malicious users to execute a directory traversal.
jfinalcms project jfinalcms 5.0.0