EIP-2026-114049

This exploit demonstrates an arbitrary file upload vulnerability in WordPress Plugin Simple File List 4.2.2, allowing unauthenticated remote code execution by uploading a malicious PHP file disguised as an image and renaming it to execute arbitrary commands.