[Original text] mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the "del" action.
Adam Mmedici File Upload Manager File Arbitrary File Deletion
Remote / Network Access
Loss of Integrity
File Upload Manager contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'act' variable. This may allow an attacker to delete arbitrary files on the remote web server.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
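The two checks whose absence the entries above describe, an authentication gate in front of the "view" and "del" actions and validation of the decoded file parameter, shown as an added PHP example. It is not File Upload Manager's code or a vendor patch; the upload directory layout, the `user_id` session key and the function names are assumptions.

```php
<?php
// Return the canonical path for a base64-encoded "file" value, or null unless
// it names an existing regular file inside $baseDir.
function resolve_upload_path(string $encoded, string $baseDir): ?string
{
    $name = base64_decode($encoded, true);      // strict mode rejects stray characters
    $base = realpath($baseDir);
    if ($name === false || $name === '' || $base === false || strpos($name, "\0") !== false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);   // resolves ../ and symlinks
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Compare against the base plus a separator so "/uploads-old" cannot match "/uploads".
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Authentication is checked once, before either action touches the filesystem.
function handle_request(array $query, array $session, string $baseDir): array
{
    $act = $query['act'] ?? '';
    if (!in_array($act, ['view', 'del'], true)) {    // allowlist for the 'act' variable
        return [400, 'unknown action'];
    }
    if (empty($session['user_id'])) {                // assumed session key
        return [403, 'login required'];
    }
    $file = $query['file'] ?? '';
    $path = is_string($file) ? resolve_upload_path($file, $baseDir) : null;
    if ($path === null) {
        return [404, 'no such upload'];
    }
    if ($act === 'del') {
        return unlink($path) ? [200, 'deleted'] : [500, 'delete failed'];
    }
    return [200, (string) file_get_contents($path)];
}

// Constructed demo: one upload, plus one file outside the upload directory.
$root = sys_get_temp_dir() . '/fum_demo_' . getmypid();
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/uploads/report.txt", 'ok');
file_put_contents("$root/secret.txt", 'outside');
$outside = ['act' => 'del', 'file' => base64_encode('../secret.txt')];
var_dump(handle_request($outside, [], "$root/uploads")[0]);                // no session
var_dump(handle_request($outside, ['user_id' => 7], "$root/uploads")[0]);  // path outside base
var_dump(handle_request(['act' => 'view', 'file' => base64_encode('report.txt')], ['user_id' => 7], "$root/uploads"));
```

The sketch treats any logged-in user as allowed to view or delete any upload; per-user ownership of files is outside what the entries describe and is not modelled here.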