CVE-2022-38286
CVE-2022-38286 affects JFinal CMS 5.1.0 and is exploitable via the /system/role/list endpoint, enabling SQL injection. The provided sources consistently reference this endpoint vulnerability but do not publish a confirmed fixed version in the documents. CVSSv3.1 base score is 7.2 (High) with impa...