EIP-2026-109435

This exploit targets a PHP code injection vulnerability in MetInfo 3.0 by leveraging an undefined variable in `common.inc.php` to execute arbitrary PHP code via a base64-encoded payload. It writes a malicious PHP file to the server and verifies execution by accessing it.