limited freemarker ssti to arbitrary liql query and manage lithium cms

we faced (w/ @celalerdik) an interesting ssti vulnerability on a bugcrowd's program. we could show the traditional '49' number when trying the ${7*7} command, also we could execute the assign directive reference like below.…