CVE Catalog

CVE-2026-14746

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

A SQL injection vulnerability has been detected in code-projects Real State Services 1.0 in the /addprojectrent.php file. An attacker can remotely manipulate the amen argument, leading to SQL injection. The exploit has been publicly disclosed.

Risk Assessment

The organization is at risk of unauthorized database access, data leakage, and potential system takeover.

Recommendation

Immediately update the application to the latest version or apply a security patch to prevent SQL injection, such as input validation and prepared statements.

Original NVD description (English source)

A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS