EIP-2026-114416

This exploit demonstrates a Remote Command Execution (RCE) vulnerability in XCMS v1.83 by leveraging an unauthenticated file inclusion flaw in the footer modification functionality. The exploit allows an attacker to inject arbitrary PHP code into the footer file, leading to full system compromise.