EIP-2026-109041

This exploit demonstrates an arbitrary file upload vulnerability in Kordil EDMS 2.2.60rc3 via a multipart/form-data POST request to 'routine_emails_to_all_users_add.php', allowing an attacker to upload a malicious PHP file. It also includes SQL injection examples targeting 'users_edit.php' and 'personal_notebook_category_edit.php'.