Cicada-known Enterprise Portal system v2. 5 sql injection to admin-vulnerability warning-the black bar safety net

The problem is when the user modifies the information of the place /system/module/user/control.php public function edit$account = " if!$ account or RUNMODE == 'front' $account = $this-app-user-account; if$this-app-user-account == 'guest' $this-locateinlink'login'; if! empty$POST...