A vulnerability classified as critical has been found in code-projects Real State Services 1.0 . This impacts an unknown function of the file /loginuser.php of the component Login . The manipulation of the argument Username leads to sql injection. This vulnerability is documented as CVE-2026-10262 . The attack can be initiated remotely. Additionally, an exploit exists.