CVE-2024-50972

Name of the Vulnerable Software and Affected Versions: Itsourcecode Construction Management System version 1.0

Description: A SQL injection issue in printtool.php allows remote attackers to execute arbitrary SQL commands via the borrow id parameter. This enables attackers to manipulate database queries, potentially leading to unauthorized data access or modification.

Recommendations: For Itsourcecode Construction Management System version 1.0, as a temporary workaround, consider restricting access to the printtool.php file or disabling the borrow id parameter until a patch is available. Avoid using the borrow id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.