Lucene search
K
Oretnom23Loan Management System

5 matches found

CVE
CVE
added 2026/03/31 12:0 a.m.29 views

CVE-2026-30521

CVE-2026-30521 affects SourceCodester Loan Management System v1.0. The issue is a business logic vulnerability caused by missing server-side validation for the interest_rate field. Although the frontend blocks negative values, the backend does not, allowing an authenticated attacker to modify the...

6.5CVSS6AI score0.00313EPSS
CVE
CVE
added 2026/03/08 4:2 a.m.21 views

CVE-2026-3702

CVE-2026-3702 affects SourceCodester Loan Management System 1.0. Affected component: the index.php file where manipulating the page argument triggers cross-site scripting (XSS). Exploitation appears to be remote, with a public exploit available. Documented impact is general web-app confidentialit...

6.1CVSS4.4AI score0.00305EPSS
CVE
CVE
added 2026/04/01 12:0 a.m.18 views

CVE-2026-30522

Summary: CVE-2026-30522 affects SourceCodester Loan Management System v1.0. A business logic flaw arises from improper server-side validation allowing negative values for penalty_rate in Loan Plans, despite frontend restrictions. An authenticated attacker can bypass client-side validation by subm...

6.5CVSS6AI score0.00255EPSS
CVE
CVE
added 2026/03/31 12:0 a.m.12 views

CVE-2026-30520

SourceCodester Loan Management System v1.0 contains a Blind SQL Injection in ajax.php (save_loan action) where the borrower_id parameter in a POST request is not properly sanitized. An authenticated attacker could inject SQL commands via this input. The affected component is the web application’s...

5.4CVSS6AI score0.0022EPSS
CVE
CVE
added 2026/04/01 12:0 a.m.11 views

CVE-2026-30523

CVE-2026-30523 affects SourceCodester Loan Management System v1.0. The vulnerability is a business-logic flaw where the backend does not validate that the loan plan duration (months) is a positive integer, allowing a negative value to be submitted and resulting in a loan plan with negative durati...

6.5CVSS5.9AI score0.00303EPSS