Product
CVE-2026-14769 — SQL Injection in code-projects Real State Services 1.0
1 rule 3 TTPs 1 CVE 6 IOCsA critical security vulnerability, CVE-2026-14769, allows for remote SQL Injection in code-projects Real State Services 1.0 via the 'Bankname' argument in the '/pay.php' file, with a publicly disclosed exploit enabling information disclosure and potential data manipulation.
CVE-2026-14768: Remote SQL Injection in code-projects Real State Services 1.0
1 rule 1 TTP 1 CVEA remote SQL injection vulnerability (CVE-2026-14768) has been identified in code-projects Real State Services 1.0, allowing attackers to exploit the 'loc' argument in '/builderHome.php' for arbitrary SQL command execution, with a public exploit available.
CVE-2026-14747: SQL Injection in code-projects Real State Services 1.0
1 rule 1 TTP 1 CVEA high-severity SQL Injection vulnerability, CVE-2026-14747, exists in the /addprojectsale.php file of code-projects Real State Services 1.0, allowing remote unauthenticated attackers to manipulate the 'amen' argument for arbitrary SQL query execution, leading to data compromise or unauthorized access.
CVE-2026-14746: SQL Injection in code-projects Real State Services
1 rule 1 TTP 1 CVEA high-severity SQL injection vulnerability (CVE-2026-14746) exists in code-projects Real State Services 1.0, specifically in the `/addprojectrent.php` file, where the `amen` argument can be manipulated to execute arbitrary SQL commands, enabling remote attackers to achieve unauthorized data access or modification, with public exploit disclosure increasing the risk of active exploitation.
CVE-2026-14745: SQL Injection in code-projects Real State Services
1 rule 3 TTPs 1 CVEA critical SQL injection vulnerability (CVE-2026-14745) affecting code-projects Real State Services version 1.0 allows remote, unauthenticated attackers to execute arbitrary SQL commands by manipulating the 'ID' argument in the '/single-list_rent.php' file, potentially leading to data exposure, unauthorized modification, or denial of service, with a public exploit available.
CVE-2026-14744: Remote SQL Injection in code-projects Real State Services 1.0
1 rule 4 TTPs 1 CVE 6 IOCsA critical SQL injection vulnerability (CVE-2026-14744) has been found in code-projects Real State Services version 1.0. The flaw resides in an unknown function within the /normalHomeRent.php file, where manipulating the 'loc' argument allows for remote SQL injection, and a public exploit has been released, posing an immediate threat to affected systems.
CVE-2026-14743: Remote SQL Injection in code-projects Real State Services 1.0
1 rule 2 TTPs 1 CVEA high-severity remote SQL injection vulnerability (CVE-2026-14743) in code-projects Real State Services 1.0 allows an unauthenticated attacker to manipulate the 'loc' argument in the `/normalHomeSale.php` file, leading to arbitrary SQL command execution and potential compromise of confidentiality, integrity, and availability of data, with an exploit publicly available.