CVE-2026-14769
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A SQL Injection vulnerability has been detected in code-projects Real State Services 1.0. The issue occurs in the /pay.php file, where the Bankname argument is vulnerable to manipulation. The attack can be performed remotely, and the exploit has been publicly disclosed.
Risk Assessment
An attacker can remotely inject malicious SQL queries, potentially leading to unauthorized database access, data leakage, or data modification.
Recommendation
Immediately update the application to the latest version or apply a security patch. Additionally, implement input validation and parameterized SQL queries.
Original NVD description (English source)
A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

