EIP-2026-113188

This exploit demonstrates an unauthenticated SQL injection vulnerability in WBCE CMS 1.6.0 via the `miniform` module. The PoC shows how an attacker can inject malicious SQL queries through the `DB_RECORD_TABLE` parameter, bypassing the `addslashes()` function due to its inability to escape backticks.