EIP-2026-109903

The exploit demonstrates multiple vulnerabilities in New-CMS 1.08, including Full Path Disclosure, Local File Inclusion, Persistent XSS, and XSRF. It provides functional proof-of-concept code for exploiting these vulnerabilities, including HTTP requests for privilege escalation and file upload.