EIP-2026-104736

This advisory details a PHP code execution vulnerability in the jui_filter_rules library, where attacker-controlled input in the 'filter_value_conversion_server_side' parameter allows arbitrary PHP function execution via 'call_user_func_array'. The PoC demonstrates RCE by executing 'shell_exec' to read '/etc/passwd'.