Ba1_Ma0 issues

Results 2 issues of


                                            Ba1_Ma0

jfinal CMS v5.1.0 has a command execution vulnerability exists

jfinal_cms version：5.1.0 JDK version : jdk-8u351 The ActionEnter class is instantiated in the index method of the /ueditor route ![image](https://user-images.githubusercontent.com/52622597/218020013-817ef70b-822c-4926-8145-87a6d0615e63.png) The ConfigManager class is instantiated in the constructor of the...

wangmarket CMS v6.1 has a SQL injection

wangmarket CMS version：v4.10 ``` com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java ``` ![image](https://user-images.githubusercontent.com/52622597/218030745-c5bf7511-6d57-4ad9-8203-24a348cdea0b.png) ![image](https://user-images.githubusercontent.com/52622597/218030811-e0afa3e2-bcfe-4213-b223-f775e159beaf.png) The query statement directly brings the user's input into mysql for query without filtering, resulting in sql injection vulnerability Sql injection vulnerability...