SQL Injection Vulnerability in code-projects Real State Services
CVE-2026-14743
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14743?
An SQL injection vulnerability exists in code-projects Real State Services version 1.0, located in the /normalHomeSale.php file. This issue arises from improper handling of user-supplied input, specifically within the argument 'loc.' An attacker can exploit this vulnerability remotely to manipulate SQL queries, potentially gaining unauthorized access to the database and revealing sensitive data. Publicly available exploits make it important for users to assess their exposure and implement necessary security measures.
Affected Version(s)
Real State Services 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
