EIP-2026-109958

This exploit demonstrates an arbitrary file upload vulnerability in Notes Manager 1.0, allowing an attacker to upload a malicious PHP file (e.g., phpinfo.php) via a multipart/form-data POST request, leading to remote code execution (RCE).