Skip to content
CVSS 7.3 · HIGH

CVE-2026-7074

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Ver en NVD

Análisis

The software is a niche CMS typically found on source code marketplaces or used as a template, rather than a widely deployed professional tool. While the SQL injection is serious and an exploit is public, the impact is confined to a very small and specific user base not representative of the broader developer community.

Severidad

Puntaje: 7.3(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Tipo de falla (CWE): CWE-74CWE-89

EPSS

Probabilidad de explotación (próx. 30 días): 0.0004 (0.0%)
Percentil: 11.7%
EPSS: 2026-05-06

Descripción técnica

A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Publicada: 27/4/2026, 2:16:01
Última modificación: 29/4/2026, 1:00:01

Referencias

InicioEventosBlogRecursosEquipo