EIP-2026-113335

This exploit demonstrates two vulnerabilities in WebPA v1.1.0.1: arbitrary file upload and arbitrary admin addition. The file upload exploit bypasses authentication via a crafted cookie and uploads a PHP file, while the admin addition exploit leverages CSV injection to create a new admin user.