CVE Catalog

CVE-2026-14744

HighCVSS 7.3
Published: Translated: NVD NIST

Summary

A SQL injection vulnerability has been discovered in code-projects Real State Services 1.0 in the file /normalHomeRent.php. An attacker can remotely manipulate the loc argument, leading to unauthorized database access. The exploit has been publicly released, increasing the risk of attacks.

Risk Assessment

The organization is at risk of data leakage, modification, or deletion from the database, as well as potential system takeover by an attacker.

Recommendation

Immediately update the system to the latest version or apply a patch that prevents SQL injection. If no update is available, temporarily disable access to the /normalHomeRent.php file.

Original NVD description (English source)

A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS