CVE-2026-7074

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0

Description A remote SQL injection exists in the '/execute1.php' endpoint. This issue occurs due to improper handling of the code argument, allowing an attacker to manipulate database queries.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the '/execute1.php' file to minimize the risk of exploitation.