EIP-2026-110725

This exploit demonstrates Local File Inclusion (LFI) and SQL Injection (SQLi) vulnerabilities in MBB CMS <= 004. The LFI is achieved via path traversal and null byte injection, while SQLi is demonstrated through union-based attacks.