CVE-2026-5620 — A vulnerability has been found in itsourcecode Construction Management System…

April 06, 2026 08:26 /HIGH

CVE Notify vulnerabilitycve

🚨 CVE-2026-5620 A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowedequipreport.php of the component Parameter Handler. The manipulation of the argument Home leads to sql injection. It is possible to initiate the at

itsourcecode Construction Management System V1.0 SQL Injection Vulnerability · Issue #1 · Qwh0729/cve

github.com

What This Means For You

New vulnerability disclosed — verify if your stack is exposed.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component Initial Access T1189 Drive-by Compromise Initial Access

Indicators of Compromise

ID	Type	Indicator
CVE-2026-5620	SQLi	itsourcecode Construction Management System 1.0, file: /borrowed_equip_report.php, component: Parameter Handler, argument: Home

🔎

Turn this CVE into SIEM detection coverage Generate detection rules for Splunk, Sentinel, QRadar & Elastic — straight from this vulnerability. Use /detect in the Intel Bot.

Open Intel Bot →

Source & Attribution

Source Platform	Telegram
Channel	CVE Notify
Published	April 06, 2026 at 08:26 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

What This Means For You

Related ATT&CK Techniques

Indicators of Compromise

Related coverage

CVE-2026-42396 — Insufficient Validation of Member Zone Data May Cause

CVE-2026-42002 — Concurrency and locking defects in

CVE-2026-42001: Autoprimary SOA Queries Vulnerability