EIP-2026-110426

This exploit leverages a remote command execution vulnerability in Ovidentia Widgets 1.0.61 by manipulating the $GLOBALS['babInstallPath'] parameter in /programs/groups.php. It sends crafted HTTP requests to execute arbitrary commands on the target system.