SQL Injection Vulnerability in code-projects Real State Services
CVE-2026-14747

6.9MEDIUM

Key Information:

Vendor
CVE Published:
5 July 2026

What is CVE-2026-14747?

A SQL injection vulnerability exists in code-projects Real State Services 1.0, specifically within the /addprojectsale.php file. This flaw occurs due to improper handling of the 'amen' argument, allowing a remote attacker to manipulate database queries. Successful exploitation can result in unauthorized access to sensitive data or modification of database structures, posing a significant risk to the application's data integrity and security.

Affected Version(s)

Real State Services 1.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

XuYue (VulDB User)
.