EIP-2026-105258

The exploit demonstrates two vulnerabilities in Simple PHP Shopping Cart 0.9: an arbitrary file upload via admin/add_cat.php (bypassing authentication with SQL injection) and a SQL injection in shop/page.php. The PoC includes HTTP requests with payloads for both issues.