A vulnerability marked as critical has been reported in code-projects Real State Services 1.0. It affects an unspecified function in the file /addprojectrent.php. Manipulating the argument amen leads to SQL injection.

This vulnerability is documented as CVE-2026-14746. The attack can be initiated remotely. Additionally, an exploit exists.