Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
itsourcecode Construction Management System: Remote SQL Injection in borrowed_tool_report.php
CVE-2026-5823
Summary
A security flaw in the itsourcecode Construction Management System allows an attacker to remotely inject malicious code into the system. This could happen if someone enters malicious input when accessing the /borrowed_tool_report.php page. To stay safe, update the system to the latest version or consider replacing it with a more secure alternative.
Original title
A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of t...
Original description
A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 9 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026