| ▲ | zvqcMMV6Zcr 3 hours ago | |
In its most basic form it would just be a form with a URL that (lib)curl is later supposed to fetch. And the target server (controlled by the researcher) is supposed to send a payload that triggers RCE in the client. Sure, it covers a very narrow scope, but I am afraid the bigger issue would be that it is going to get spammed with submitted links. And those links will often be to straight-up illegal content; it might not matter that such a server instantly deletes all downloaded files. | ||