EIP-2026-104707

This exploit demonstrates multiple SQL injection vulnerabilities in AC Repair and Services System v1.0, including time-based blind SQLi in the 'id' parameter of manage_user.php and delete_inquiry function, and boolean-based blind SQLi in the Users.php update functionality. The PoC includes sqlmap commands and HTTP request examples to exploit these vulnerabilities.