EIP-2026-106959

This exploit demonstrates an arbitrary file upload vulnerability in Expense Management 1.0, allowing an attacker to upload a malicious PHP file (e.g., phpinfo.php) via a multipart/form-data POST request to the /user/add_edit endpoint. The uploaded file can then be accessed at /assets/images/[FILE], leading to remote code execution (RCE).