[原文]SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability stems from PhpMyExplorer, which is a separate package.
SaveWebPortal contains a flaw that may allow a remote attacker to bypass authentication settings and execute arbitrary code. The problem is that the application does not restrict access to the 'editerfichier.php' script, which may allow a remote attacker to arbitrary manipulate files and inlcude PHP scripts that would be executed on the server resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.