CVE-2026-5719

Description

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

References

• https://github.com/ltranquility/submit/issues/7
• https://itsourcecode.com/
• https://vuldb.com/submit/792968
• https://vuldb.com/vuln/355661
• https://vuldb.com/vuln/355661/cti