EIP-2026-113413

This exploit targets a SQL injection vulnerability in WHMCS 5.2.7 by leveraging a CSRF token to authenticate and inject malicious SQL payloads via the 'firstname' parameter. It extracts admin credentials and client counts from the database.