EIP-2026-111795

This exploit leverages a PHP code injection vulnerability in RoSPORA <= 1.5.0 due to unsanitized input in the 's' parameter, which is passed to create_function(). It establishes a remote shell by injecting arbitrary PHP code via HTTP requests.