EIP-2026-108073

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in Jcow 4.2.1 by manipulating the 'p' parameter to traverse directories and include arbitrary files, such as 'windows/win.ini'. The PoC uses URL-encoded directory traversal sequences to bypass path restrictions.