[原文]Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) usr/xml/ddc/authorization.xml.
Sapid CMS contains a flaw that may allow a malicious user to upload files or images without being authenticated. The issue is caused due to missing access control on the "usr/system/insert_file.php", "usr/system/insert_image.php", "usr/system/insert_link.php", "usr/system/insert_qcfile.php", and "usr/system/edit.php" scripts.
Upgrade to version 1.2.3.03 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.