CVE-2022-37199

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.

CVE-2022-37223

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.

CVE-2022-36527

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.

CVE-2022-34928

JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.