EIP-2026-112562

This exploit demonstrates SQL injection vulnerabilities in TaskHub 2.8.7 via multiple GET parameters (project, status, user_id, sort, search). It includes time-based blind payloads for MySQL, confirming the vulnerability's exploitability.