
28 matches found

EUVD
added 2026/04/01 3:31 p.m., 2 views

EUVD-2026-17897

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

CVSS 6.5, AI score 5.9, EPSS 0.00303
Exploits: 1, References: 2

NVD
added 2026/04/01 3:22 p.m., 1 view

CVE-2026-30523

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan in months. However, the backend fails to validate that the duration...

CVSS 6.5, EPSS 0.00303
Exploits: 1, References: 1

CVE
added 2026/04/01 12:0 a.m., 10 views

CVE-2026-30522

Summary: CVE-2026-30522 affects SourceCodester Loan Management System v1.0. A business logic flaw arises from improper server-side validation allowing negative values for penalty_rate in Loan Plans, despite frontend restrictions. An authenticated attacker can bypass client-side validation by subm...

CVSS 6.5, AI score 6, EPSS 0.00255
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2026/03/31 12:0 a.m., 6 views

CVE-2026-30520

SourceCodester Loan Management System v1.0 contains a Blind SQL Injection in ajax.php (save_loan action) where the borrower_id parameter in a POST request is not properly sanitized. An authenticated attacker could inject SQL commands via this input. The affected component is the web application’s...

CVSS 5.4, AI score 6, EPSS 0.0022
Exploits: 1, References: 1, Affected Software: 1

RedhatCVE
added 2026/03/09 8:2 a.m., 6 views

CVE-2026-3702

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...

CVSS 6.1, AI score 4.3, EPSS 0.00305
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-58554

Malicious code in bioql PyPI...

CVSS 7.2, AI score 5.2, EPSS 0.00763
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-58553

Malicious code in bioql PyPI...

CVSS 7.2, AI score 5.2, EPSS 0.00763
Exploits: 1, References: 3

RedhatCVE
added 2025/05/23 2:6 a.m., 8 views

CVE-2023-6310

A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function deleteborrower of the file deleteBorrower.php. The manipulation of the argument borrowerid leads to sql injection. The attack can be initiated remotely...

CVSS 7.2, AI score 7.4, EPSS 0.00763
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:50 p.m., 5 views

CVE-2022-2666

A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 9.8, AI score 7.6, EPSS 0.00887
Exploits: 1, References: 1

RedhatCVE
added 2025/02/05 9:31 p.m., 10 views

CVE-2022-2766

A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has be...

CVSS 9.8, AI score 7.4, EPSS 0.01017
Exploits: 1, References: 1

Vulnrichment
added 2024/09/22 11:31 p.m., 11 views

CVE-2024-9089 SourceCodester Modern Loan Management System update_loan_record.php cross site scripting

A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file updateloanrecord.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. Th...

CVSS 5.3, AI score 6.2, EPSS 0.00378
Exploits: 1, References: 5

OSV
added 2024/04/11 4:15 p.m., 2 views

CVE-2024-31678

Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file...

CVSS 9.8, AI score 5.8, EPSS 0.00594
Exploits: 1, References: 1

Vulnrichment
added 2024/04/11 12:0 a.m., 12 views

CVE-2024-31678

Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file...

AI score 8, EPSS 0.00594
Exploits: 1, References: 1

Cvelist
added 2024/04/11 12:0 a.m., 10 views

CVE-2024-31678

Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file...

AI score 7.9, EPSS 0.00594
Exploits: 1, References: 1

CVE
added 2024/04/11 12:0 a.m., 47 views

CVE-2024-31678

CVE-2024-31678 affects Sourcecodester Loan Management System v1.0. The vulnerability is SQL Injection via the password parameter in login.php, with CVSS 3.1/3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). Public sources confirm the flaw but do not provide concrete expl...

CVSS 9.8, AI score 8, EPSS 0.00594
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2023/11/27 3:15 a.m., 22 views

CVE-2023-6312

A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function deleteuser of the file deleteUser.php of the component Users Page. The manipulation of the argument userid leads to sql injection. It is possible to launch the atta...

CVSS 7.2, EPSS 0.00763
Exploits: 1, References: 3

CVE
added 2023/11/27 2:31 a.m., 46 views

CVE-2023-6312

Affects: SourceCodester Loan Management System v1.0, specifically the Users Page deleteUser.php delete_user function. Issue: SQL injection caused by improper handling of the user_id argument, enabling remote exploitation. Evidence across multiple sources confirms the vulnerability and public disc...

CVSS 7.2, AI score 5.9, EPSS 0.00763
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2023/11/27 2:15 a.m., 3 views

CVE-2023-6311

A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function deleteltype of the file deleteltype.php of the component Loan Type Page. The manipulation of the argument ltypeid leads to sql injection. The attack may be initiated...

CVSS 7.2, AI score 5.7, EPSS 0.00763
Exploits: 1, References: 3

NVD
added 2023/11/27 2:15 a.m., 15 views

CVE-2023-6311

A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function deleteltype of the file deleteltype.php of the component Loan Type Page. The manipulation of the argument ltypeid leads to sql injection. The attack may be initiated...

CVSS 7.2, EPSS 0.00763
Exploits: 1, References: 3

CVE
added 2023/11/27 2:0 a.m., 33 views

CVE-2023-6311

CVE-2023-6311 affects SourceCodester Loan Management System 1.0, specifically the delete_ltype.php component (Loan Type Page). The vulnerability arises from insecure handling of the ltype_id parameter in delete_ltype, enabling SQL injection. Exploitation is described as remotely possible with con...

CVSS 7.2, AI score 6.1, EPSS 0.00763
Exploits: 1, References: 3, Affected Software: 1