EIP-2026-114556

This exploit demonstrates a file upload vulnerability in YUI Images Script, allowing an attacker to upload a malicious PHP file disguised as an image (e.g., .php.giff) and achieve remote code execution (RCE). The exploit is trivial, requiring no authentication, and relies on the server misinterpreting the file extension.