CVE-2026-14768
HIGH Exploitation: PoC
7.3
CVSS 3.1
Description
A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Metadata
Severity & Metrics
7.3
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| code-projects | Real State Services | — | 1.0 |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 7.3 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 7.3 | HIGH | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-376358 | code-projects Real State Services builderHome.php sql injection https://vuldb.com/vuln/376358
- VDB-376358 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/376358/cti
- CVE-2026-14768 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-14768
- Submit #849302 | code-projects Real State Services V1.0 SQL Injection https://vuldb.com/submit/849302
- https://github.com/6Justdododo6/CVE/issues/27
- https://code-projects.org/