CVE-2024-50971

Name of the Vulnerable Software and Affected Versions: Itsourcecode Construction Management System version 1.0

Description: A SQL injection issue in the print.php file allows remote attackers to execute arbitrary SQL commands via the map id parameter. This enables attackers to potentially extract or modify sensitive data. The issue can be exploited by sending crafted requests to the vulnerable endpoint, allowing for unauthorized access to database resources.

Recommendations: For Itsourcecode Construction Management System version 1.0, consider disabling the print.php file or restricting access to it until a patch is available. Avoid using the map id parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, restrict access to the print.php file to minimize the risk of exploitation.