J2EEFAST v2.7.0 exists to contain a SQL injection vulnerability via the findPage function in ProcessDefinitionMapper.xml.