EIP-2026-114077

This exploit demonstrates a blind SQL injection vulnerability in WordPress SP Project & Document Manager 2.5.3. The 'pid' parameter in the 'thumbnails' function is not sanitized, allowing unauthorized users to execute SQL queries.