EIP-2026-104437

This exploit demonstrates an arbitrary file upload vulnerability in SmarterMail 16.x by leveraging authenticated API endpoints to upload a file and then move it to a web-accessible directory via directory traversal. The PoC includes authentication, folder creation, file upload, and path manipulation to achieve remote code execution.