J2EEFAST v2.7.0 exists to contain a SQL injection vulnerability via the findPage function in SysLoginInfoMapper.xml.