CVE-2026-14743

code-projects · Real State Services

A SQL injection vulnerability in code-projects Real State Services 1.0 enables unauthenticated remote attackers to manipulate database queries.

Executive summary

A critical SQL injection vulnerability in code-projects Real State Services 1.0 allows unauthenticated attackers to potentially compromise database integrity.

Vulnerability

This is a SQL Injection (CWE-89) vulnerability where the application fails to properly sanitize user-supplied input before including it in database queries. The vulnerability is exploitable remotely by an unauthenticated attacker via the network.

Business impact

The ability to inject arbitrary SQL commands poses a severe risk to the confidentiality and integrity of the application's data. With a CVSS score of 7.3, this high-severity flaw could allow attackers to bypass application-level security controls to read, modify, or delete information from the underlying database.

Remediation

Immediate Action: Monitor the vendor’s repository for security updates and apply them as soon as they become available.

Proactive Monitoring: Monitor application logs for suspicious database activity or unusual error messages consistent with SQL injection attempts.

Compensating Controls: Utilize a Web Application Firewall (WAF) to inspect and block incoming HTTP requests containing suspicious SQL syntax.

Exploitation status

Public Exploit Available: false

Analyst recommendation

It is imperative that administrators address this vulnerability immediately to prevent unauthorized database access. Prioritize the application of any forthcoming patches and ensure that the application is not exposed to untrusted networks until the vulnerability is fully remediated.