Itsourcecode · Itsourcecode Construction Management System · CVE-2026-5675
Name of the Vulnerable Software and Affected Versions
itsourcecode Construction Management System version 1.0
Description
A SQL injection flaw exists in the Parameter Handler component of itsourcecode Construction Management System. The issue is located in the `/borrowed tool.php` file, specifically through manipulation of the `emp` argument. This allows for remote exploitation. The exploit has been publicly disclosed.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/borrowed tool.php` file.