EIP-2026-113924

This exploit demonstrates a SQL injection vulnerability in NEX-Forms 3.0 via the 'nex_forms_Id' parameter in the 'submit_nex_form' AJAX function. The PoC includes a time-based blind SQL injection payload and sqlmap commands to confirm exploitation.