anonhaven
Ad

CVE-2026-6030

MEDIUM CVSS 4.0: 5.3 EPSS 0.03%
Updated Apr 10, 2026
Itsourcecode
Parameter Value
CVSS 5.3 (MEDIUM)
Type CWE-89 (SQL Injection), CWE-74 (Injection)
Vendor Itsourcecode
Public PoC No

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection.

Remote exploitation of the attack is possible. The exploit has been published and may be used.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-89 SQL Injection
CWE-74 Injection

Vulnerable Products

itsourcecode:construction management system

References 5

https://github.com/ltranquility/submit/issues/9
cna@vuldb.com
https://itsourcecode.com/
cna@vuldb.com
https://vuldb.com/submit/795444
cna@vuldb.com
https://vuldb.com/vuln/356606
cna@vuldb.com
https://vuldb.com/vuln/356606/cti
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-5334

PHP

6.9

CVE-2026-4875

Itsourcecode

5.1

CVE-2026-3261

Itsourcecode

6.9

CVE-2026-0544

Itsourcecode

6.9

CVE-2025-15074

Itsourcecode

6.9