EIP-2026-100109

This advisory details two vulnerabilities in aradBlog <= 1.2.8: an authentication bypass via a virtual path ('mainadmin') and an arbitrary file upload vulnerability in the downloads.aspx page. The writeup includes technical details such as affected code paths and PoC URLs.