CVE-2026-14745
HighCVSS 7.3Summary
A SQL injection vulnerability has been found in Real State Services 1.0 in the /single-list_rent.php file via the ID argument. The attack can be performed remotely and the exploit has been made public.
Risk Assessment
The organization is at risk of unauthorized database access, data leakage, and potential system compromise.
Recommendation
Immediately update the system to the latest version or apply a security patch to prevent SQL injection, and restrict access to the /single-list_rent.php file.
Original NVD description (English source)
A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

