CVE-2026-14747
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A SQL Injection vulnerability was found in Real State Services 1.0 in the /addprojectsale.php file. An attacker can remotely manipulate the amen argument, leading to SQL injection.
Risk Assessment
The risk includes unauthorized database access, data leakage, and potential modification or deletion of data.
Recommendation
Immediately update the software to the latest version and implement parameterized SQL queries or input validation for the amen argument.
Original NVD description (English source)
A vulnerability was detected in code-projects Real State Services 1.0. Affected by this vulnerability is an unknown functionality of the file /addprojectsale.php. The manipulation of the argument amen results in sql injection. The attack can be launched remotely.

