Platform: php
Component: itsourcecode
Fixed version: 1.0.1
CVE-2026-5823 is a SQL injection vulnerability in the itsourcecode Construction Management System. It allows an attacker to manipulate database queries, leading to unauthorized data access or modification. The vulnerability affects versions 1.0.0 through 1.0 and is exploitable remotely. A patch is expected to be released by the vendor.
Successful exploitation of CVE-2026-5823 could allow an attacker to bypass authentication and gain unauthorized access to sensitive data stored within the itsourcecode Construction Management System's database. This could include confidential project details, financial records, user credentials, and other critical information. Depending on the database permissions, an attacker might even be able to modify or delete data, leading to data integrity issues and operational disruptions. The public availability of an exploit significantly increases the risk of widespread exploitation.
CVE-2026-5823 has been publicly disclosed and a proof-of-concept exploit is available, indicating a high likelihood of exploitation. The vulnerability was published on 2026-04-08. The CVSS score of 6.3 (Medium) reflects the potential impact and ease of exploitation. It is currently not listed on CISA KEV.
Organizations utilizing the itsourcecode Construction Management System, particularly those with publicly accessible instances or those lacking robust input validation practices, are at significant risk. Shared hosting environments where multiple users share the same server instance are also particularly vulnerable, as a compromise of one user's account could potentially lead to the compromise of the entire system.
• php / web:
grep -r "Home = " /var/www/itsourcecode/borrowed_tool_report.php
• generic web:
curl -I http://your-server/borrowed_tool_report.php?Home='OR'1'-- -v | grep SQLdisclosure
Exploit status
EPSS: 0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-5823 is to upgrade to a patched version of the itsourcecode Construction Management System as soon as it becomes available. Until a patch is applied, consider implementing temporary workarounds such as input validation and sanitization on the Home parameter within the /borrowedtoolreport.php file. Web application firewalls (WAFs) configured to detect and block SQL Injection attempts can also provide a layer of protection. Monitor access logs for suspicious SQL queries targeting the vulnerable endpoint.
Update itsourcecode Construction Management System to the fixed version. For the specific update steps, consult the vendor's documentation. As an additional security measure, implement robust input validation to prevent future SQL injection.
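The input-validation and parameterized-query workaround described above, as an added example that is not the project's own code: a hardened handler for the Home parameter of borrowedtoolreport.php. The table and column names, the assumption that Home is a numeric id, and the PDO connection details are all assumptions for illustration.

```php
<?php
// Added example (not itsourcecode's code): hardened handling of the
// Home parameter in borrowedtoolreport.php. Table/column names
// (borrowed_tool, home_id) and the DSN are assumptions.

// Hypothetical pattern this replaces: building SQL by concatenating
// the raw request value, e.g.
//   "SELECT ... WHERE home_id = '" . $_GET['Home'] . "'"
// so that whatever the client sends becomes part of the SQL text.

function getHomeParam(): ?int
{
    // Allow-list validation: Home is assumed to be a numeric id.
    // Anything else is rejected before it reaches the database.
    $raw = $_GET['Home'] ?? '';
    if (!preg_match('/^[0-9]{1,10}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function fetchBorrowedTools(PDO $pdo, int $homeId): array
{
    // Prepared statement: the value is bound as data, never parsed as SQL.
    $stmt = $pdo->prepare(
        'SELECT tool_name, borrow_date, return_date
           FROM borrowed_tool
          WHERE home_id = :home'
    );
    $stmt->bindValue(':home', $homeId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('mysql:host=localhost;dbname=cms', 'cms_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);

$homeId = getHomeParam();
if ($homeId === null) {
    http_response_code(400);
    // Log rejects so WAF/SIEM monitoring of this endpoint has a signal.
    error_log('borrowedtoolreport.php: rejected Home parameter');
    exit('Invalid Home parameter');
}

foreach (fetchBorrowedTools($pdo, $homeId) as $row) {
    echo htmlspecialchars($row['tool_name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

If Home is in fact a string value in the real application, keep the allow-list check (adjusted to the expected format) and bind it with PDO::PARAM_STR; the prepared statement is what prevents the injection in either case.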
CVE-2026-5823 is a SQL Injection vulnerability affecting itsourcecode Construction Management System versions 1.0.0–1.0, allowing attackers to potentially manipulate database queries and access sensitive data.
If you are using itsourcecode Construction Management System version 1.0.0–1.0 and have not upgraded, you are potentially affected by this vulnerability. Assess your environment immediately.
The recommended fix is to upgrade to a patched version of itsourcecode Construction Management System as soon as it becomes available. Until then, implement temporary workarounds like input validation and WAF rules.
Due to the public availability of a proof-of-concept exploit, CVE-2026-5823 is likely being actively exploited or targeted by malicious actors.
Please refer to the itsourcecode website or their official security advisory channels for the latest information and updates regarding CVE-2026-5823.