A vulnerability categorized as critical has been discovered in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection.

This vulnerability is listed as CVE-2026-14743. The attack may be performed from remote. In addition, an exploit is available.