CVE-2026-14744
HighCVSS 7.3Summary
A SQL injection vulnerability has been discovered in code-projects Real State Services 1.0 in the file /normalHomeRent.php. An attacker can remotely manipulate the loc argument, leading to unauthorized database access. The exploit has been publicly released, increasing the risk of attacks.
Risk Assessment
The organization is at risk of data leakage, modification, or deletion from the database, as well as potential system takeover by an attacker.
Recommendation
Immediately update the system to the latest version or apply a patch that prevents SQL injection. If no update is available, temporarily disable access to the /normalHomeRent.php file.
Original NVD description (English source)
A security flaw has been discovered in code-projects Real State Services 1.0. This affects an unknown function of the file /normalHomeRent.php. Performing a manipulation of the argument loc results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

