## https://sploitus.com/exploit?id=CNVD-2022-47415
Jfinal CMS is a powerful information consulting website developed by java, using the simple and powerful JFinal as a web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originates from the /admin/ The folder path is directly spliced from the getOrderby function, an attacker can use this vulnerability to conduct SQL injection attacks.