EIP-2026-112056

This exploit demonstrates an arbitrary file upload vulnerability in SIM-PKH 2.4.1, allowing attackers to upload malicious PHP files via a POST request to the admin module. The uploaded file is accessible at a predictable path, leading to remote code execution.