CVE-2026-5675

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0

Description A SQL injection flaw exists in the Parameter Handler component of itsourcecode Construction Management System. The issue is located in the /borrowed tool.php file, specifically through manipulation of the emp argument. This allows for remote exploitation. The exploit has been publicly disclosed.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /borrowed tool.php file.