Qiuwh

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A flaw exists in itsourcecode Construction Management System 1.0 that allows for SQL injection through manipulation of the `Home` parameter in a file, `/borrowed equip report.php`, within the Parameter Handler component. The attack can be initiated remotely. The exploit has been publicly disclosed. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.