A SQL injection vulnerability has been discovered in itsourcecode Construction Management System version 1.0. The vulnerability affects the /execute1.php file through manipulation of the 'code' argument. This attack can be performed remotely and the exploit has been publicly disclosed. The vulnerability allows remote attackers to manipulate SQL queries through improper input validation. This creates significant security risks as attackers can potentially access, modify, or delete database information.