A vulnerability labeled as critical has been found in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-list_rent.php. Executing a manipulation of the argument ID can lead to sql injection.

This vulnerability is registered as CVE-2026-14745. It is possible to launch the attack remotely. Furthermore, an exploit is available.