EIP-2026-111978

This exploit targets SendCard <= 3.4.0, leveraging an authentication bypass vulnerability in admin/prepend.php to execute arbitrary commands via PHP injection, remote file inclusion, or local file inclusion. The PoC provides multiple attack vectors depending on PHP configuration settings.