A vulnerability labeled as critical has been found in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-list_sale.php?action=add. Manipulating the argument ID can lead to SQL injection. This vulnerability is tracked as CVE-2026-13559. The attack can be executed remotely. Additionally, an exploit exists.