https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/
The exploit uses an union-based SQL injection and into_outfile functionality to first upload PHP webshell on the server and then execute reverse shell payload (base64-encoded) on the target. Tested on Windows 10 with XAMPP. If you want to use this exploit against other systems, you should find a location you have necessary privileges to write to and edit the shellcode (base64 encoded).
This is for educational purposes only. I do not encourage nor do I take responsibility for any unethical or illegal activities related to this exploit.