[原文]SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
SAPID CMS Multiple Script Direct Request Authentication Bypass
Remote / Network Access
Loss of Integrity
SAPID CMS contains a flaw that may allow an attacker to gain access to resources without authenticating. The issue occurs when a remote attacker makes a direct request to any one of a number of scripts. Such a request will bypass the built-in authentication routine, allowing unrestricted access to the CMS.
Upgrade to version 1.2.3.03 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.