EIP-2026-110389

This exploit demonstrates a remote file upload vulnerability in osCSS 1.2.1, allowing an attacker to upload and execute arbitrary files via the file manager. The PoC provides HTML forms to upload files and create new files with arbitrary content.