EIP-2026-113009

This Python script exploits a SQL injection vulnerability in vBulletin 5.6.1 (CVE-2020-12720) via the 'nodeId' parameter, allowing an attacker to extract sensitive data, reset administrator passwords, and potentially achieve remote code execution. The exploit demonstrates a full attack chain from SQLi to account takeover.