CVE Catalog

CVE-2026-14747

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

19th percentile — higher than 19% of all known CVEs

Summary

A SQL Injection vulnerability was found in Real State Services 1.0 in the /addprojectsale.php file. An attacker can remotely manipulate the amen argument, leading to SQL injection.

Risk Assessment

The risk includes unauthorized database access, data leakage, and potential modification or deletion of data.

Recommendation

Immediately update the software to the latest version and implement parameterized SQL queries or input validation for the amen argument.

Original NVD description (English source)

A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS