EIP-2026-104408

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in ProcessMaker <= 3.5.4, allowing an attacker to read arbitrary files (e.g., /etc/passwd) via path traversal. The PoC includes curl commands and a reference to a Jaeles scanner signature.