itsourcecode Construction Management System SQLi: CVE-2026-7073
A high-severity SQL injection vulnerability, tracked as CVE-2026-7073, has been identified in itsourcecode Construction Management System version 1.0. The National Vulnerability Database reports this flaw resides within an unknown part of the /execute.php file, where manipulation of the code argument can lead to arbitrary SQL execution.
This vulnerability carries a CVSSv3.1 score of 7.3, indicating a significant risk. Attackers can exploit this remotely without authentication, making it particularly dangerous. Crucially, the exploit code for CVE-2026-7073 has been publicly disclosed, meaning it’s likely already being weaponized in the wild.
For defenders, this is a critical alert. SQL injection remains a top attack vector, often leading to full database compromise, data exfiltration, or unauthorized system access. Given the ease of exploitation and public availability of exploit code, organizations using this specific system are at immediate risk.
What This Means For You
- If your organization uses itsourcecode Construction Management System 1.0, you are directly exposed to remote SQL injection via CVE-2026-7073. Immediately identify all instances of this system and isolate them from public access. There is no patch yet, so mitigation is your only defense. Review all web application logs for suspicious activity on `/execute.php` and prepare for potential data exfiltration or system compromise.
🛡️ Detection Rules
CVE-2026-7073 - itsourcecode Construction Management SQLi via execute.php
```yaml
title: CVE-2026-7073 - itsourcecode Construction Management SQLi via execute.php
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  Detects exploitation attempts against itsourcecode Construction Management System 1.0 via CVE-2026-7073. The rule specifically looks for requests to '/execute.php' containing SQL injection keywords like 'UNION', 'SELECT', 'FROM', and 'information_schema' within the 'code' parameter, indicating a potential SQL injection attack targeting the database.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7073/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/execute.php'
    # Every string below must appear in the query string. A YAML mapping
    # cannot repeat the same key, so the values are combined with the
    # "all" modifier instead of separate cs-uri-query entries.
    cs-uri-query|contains|all:
      - 'code='
      - 'UNION'
      - 'SELECT'
      - 'FROM'
      - 'information_schema'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
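An added example, not part of the original advisory or the Sigma rule above: a Python triage pass for the log review recommended earlier, applying the rule's keywords to the decoded `code` parameter of `/execute.php` requests so that percent-encoded and double-encoded values are also matched. The log lines, the `/cms` path prefix and the two-keyword threshold are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, unquote_plus, urlsplit

# Keywords taken from the Sigma rule on this page.
KEYWORDS = ("union", "select", "from", "information_schema")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined format); "/cms" is an assumed prefix.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Apr/2026:05:01:12 +0000] "GET /cms/execute.php?code=1042 HTTP/1.1" 200 512',
    '203.0.113.7 - - [27/Apr/2026:05:01:15 +0000] "GET /cms/execute.php?code=1%20UnIoN%20SeLeCt%201%20FrOm%20information_schema.tables HTTP/1.1" 200 9120',
    '198.51.100.9 - - [27/Apr/2026:05:02:40 +0000] "GET /cms/execute.php?code=1%2520union%2520select%25201 HTTP/1.1" 200 730',
    '198.51.100.9 - - [27/Apr/2026:05:03:02 +0000] "GET /cms/index.php?code=union+select HTTP/1.1" 200 300',
]


def code_values(target):
    """Return decoded `code` values if the request path ends in /execute.php."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith("/execute.php"):
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("code", [])
    # parse_qs decodes once; decode again so double-encoded input is normalised.
    return [unquote_plus(v) for v in values]


def score(value):
    """Count how many rule keywords appear as whole words in a decoded value."""
    lowered = value.lower()
    return sum(1 for kw in KEYWORDS if re.search(rf"\b{kw}\b", lowered))


def triage(lines, threshold=2):
    """Return (line_number, keyword_hits, decoded_value) for requests to review."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        for value in code_values(m.group(1)):
            hits = score(value)
            if hits >= threshold:
                findings.append((n, hits, value))
    return findings


if __name__ == "__main__":
    for n, hits, value in triage(SAMPLE_LOG):
        print(f"line {n}: {hits} keyword(s) in code={value!r}")
```

Access logs normally record only the query string, so values sent in a POST body need request-body logging or WAF logs to be reviewed the same way.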
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7073 | SQLi | itsourcecode Construction Management System 1.0 |
| CVE-2026-7073 | SQLi | Vulnerable file: /execute.php |
| CVE-2026-7073 | SQLi | Vulnerable argument: code |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 27, 2026 at 04:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.