CVE-2026-6030

MEDIUM WAF: High

CVSS 6.3 Published: 2026-04-10

CWE-89

A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

github.com
itsourcecode.com
vuldb.com
vuldb.com
vuldb.com

Back to CVE Database