itsourcecode Construction Management System SQLi (CVE-2026-7075)
The National Vulnerability Database has disclosed CVE-2026-7075, a high-severity SQL injection vulnerability impacting itsourcecode Construction Management System 1.0. This flaw, rated 7.3 CVSSv3.1, stems from improper handling of the address argument in the /locations.php file.
This vulnerability allows for remote exploitation, meaning an attacker doesn’t need local access to trigger the SQL injection. Given that an exploit has been made public, this isn’t theoretical – it’s an immediate threat. Attackers can leverage this to potentially extract sensitive data, modify database records, or achieve further system compromise.
Organizations using this specific Construction Management System are directly exposed. The ease of exploitation and public availability of an exploit significantly lowers the bar for adversaries, making it an attractive target for opportunistic attackers and those looking to pivot into a construction firm’s broader network.
What This Means For You
- If your organization utilizes itsourcecode Construction Management System 1.0, you are directly exposed to remote SQL injection via CVE-2026-7075. Immediately identify all instances of this system in your environment. There is no patch mentioned, so prioritize isolating these systems or implementing web application firewall (WAF) rules to filter malicious input on `/locations.php` and its `address` parameter. Assume compromise until proven otherwise and audit logs for suspicious activity.
Related ATT&CK Techniques
🛡️ Detection Rules
7 rules · 6 SIEM formats7 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Web Application Exploitation Attempt — CVE-2026-7075
title: Web Application Exploitation Attempt — CVE-2026-7075
id: scw-2026-04-27-1
status: experimental
level: high
description: |
Detects common exploitation patterns targeting web applications. Review CVE-2026-7075 advisories for specific indicators.
author: SCW Feed Engine (auto-generated)
date: 2026-04-27
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-7075/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- '..'
- 'SELECT'
- 'UNION'
- '<script'
- 'cmd='
- '/etc/passwd'
condition: selection
falsepositives:
- Legitimate activity from CVE-2026-7075
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-7075 | SQLi | itsourcecode Construction Management System 1.0 |
| CVE-2026-7075 | SQLi | Vulnerable file: /locations.php |
| CVE-2026-7075 | SQLi | Vulnerable argument: address |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 27, 2026 at 05:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-7106: WordPress Plugin Privilege Escalation Exposes User Roles
CVE-2026-7106 — The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is...
Tenda F456 Router Vulnerability: Remote Buffer Overflow Exposes Networks
CVE-2026-7080 — A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd....
Tenda F456 Router Buffer Overflow (CVE-2026-7079) Exposes Networks
CVE-2026-7079 — A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This...