JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function.