There is a SQL injection vulnerability exists in JFinal CMS 5.1.0  again

you can use the route  /jfinal_cms/system/role/list
then  use sqlmap attack  the interface 
like this :
![f097bb66a1e76ef93f3834b319a6b30](https://user-images.githubusercontent.com/56295743/181655295-926a52dc-37c0-4f99-81df-64acd5806af2.jpg)
