CVE-2026-7074: SQL Injection in Construction Management System 1.0
The National Vulnerability Database (NVD) has disclosed CVE-2026-7074, a high-severity SQL injection vulnerability affecting itsourcecode Construction Management System version 1.0. This flaw, rated with a CVSS score of 7.3, allows remote attackers to manipulate the code argument in the /execute1.php file, leading to unauthorized data access or modification.
This isn’t a theoretical risk; the exploit details are publicly available. Attackers can leverage this vulnerability without authentication, making it a critical concern for any organization running this specific Construction Management System. The broad impact potential, coupled with the ease of exploitation, means defenders must prioritize patching or mitigation.
SQL injection remains a top vector for initial access and data exfiltration. The fact that this vulnerability is in a system likely holding sensitive project data and potentially financial information makes it particularly attractive to adversaries. Defenders need to assume this will be actively probed.
What This Means For You
- If your organization uses itsourcecode Construction Management System 1.0, you are directly exposed. Immediately identify all instances of this system within your network. Given the public exploit, assume active scanning and attempted exploitation. Prioritize patching or, if a patch isn't available, isolate the system and apply stringent WAF rules to block SQL injection attempts.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-7074: SQL Injection in Construction Management System /execute1.php
title: CVE-2026-7074: SQL Injection in Construction Management System /execute1.php
id: scw-2026-04-27-ai-1
status: experimental
level: high
description: |
This rule detects attempts to exploit CVE-2026-7074 by looking for SQL injection patterns within the 'cs-uri-query' parameter when accessing the '/execute1.php' file via a GET request. The specific SQL injection payloads are indicative of this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7074/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri: '/execute1.php'
cs-method: 'GET'
cs-uri-query|contains:
- "' OR '1'='1"
- "' OR 1=1 --"
- "' UNION SELECT"
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7074 | SQLi | itsourcecode Construction Management System 1.0 |
| CVE-2026-7074 | SQLi | Vulnerable file: /execute1.php |
| CVE-2026-7074 | SQLi | Vulnerable component: argument 'code' in /execute1.php |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 27, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7106: WordPress Plugin Privilege Escalation Exposes User Roles
CVE-2026-7106 — The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is...
Tenda F456 Router Vulnerability: Remote Buffer Overflow Exposes Networks
CVE-2026-7080 — A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd....
Tenda F456 Router Buffer Overflow (CVE-2026-7079) Exposes Networks
CVE-2026-7079 — A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This...