EIP-2026-107100

This exploit demonstrates a SQL injection vulnerability in Find a Place CMS Directory 1.5 via the 'cate' parameter in a POST request to 'assets/external/data_2.php'. The payload extracts admin credentials (username, password, and email) using a UNION-based attack.