EIP-2026-114557

The exploit demonstrates a SQL injection vulnerability in YVS Image Gallery 0.0.0.1, allowing remote attackers to extract user credentials via a crafted UNION-based SQL query. The provided PHP script automates the exploitation using cURL to fetch sensitive data from the 'user' table.