CVE-2026-5620 | itsourcecode Construction Management System 1.0 Parameter borrowed_equip_report.php Home sql injection

Inserito da Angelo Barbosa | Apr 5, 2026 | CVE

A vulnerability was found in itsourcecode Construction Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /borrowed_equip_report.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection.

This vulnerability is traded as CVE-2026-5620. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

CVE-2026-5620 | itsourcecode Construction Management System 1.0 Parameter borrowed_equip_report.php Home sql injection

Post correlati

CVE-2024-47651 | Shilpi Computers Client Dashboard prior 9.7.0 API Endpoint parameter pollution (CIVN-2024-0313)

CVE-2025-53970 | DOS SS1/SS1 Cloud unrestricted upload

CVE-2026-3187 | feiyuchuixue sz-boot-parent up to 1.3.2-beta API Endpoint upload unrestricted upload

CVE-2024-24704 | AddonMaster Load More Anything Plugin up to 3.3.3 on WordPress authorization