EIP-2026-104200

This exploit demonstrates an authenticated remote code execution (RCE) vulnerability in ChurchRota 2.6.4. It logs in with low-privilege credentials, uploads a malicious PHP file via a file upload endpoint, and triggers execution to establish a reverse shell.