CVE-2026-7075

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0

Description An issue exists in the processing of the '/locations.php' endpoint. A remote attacker can perform a SQL injection—a technique where malicious SQL statements are inserted into entry fields for execution—by manipulating the address parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/locations.php' file or avoid using the address parameter until a patch is available.