CVE-2026-5660

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0

Description A SQL injection issue exists in itsourcecode Construction Management System version 1.0. The issue is located in an unknown function within the /borrowed equip.php file of the Parameter Handler component. Manipulation of the emp argument can lead to SQL injection. The attack can be initiated remotely and has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /borrowed equip.php file or the Parameter Handler component.