5 matches found
CVE-2026-30521
CVE-2026-30521 affects SourceCodester Loan Management System v1.0. The issue is a business logic vulnerability caused by missing server-side validation for the interest_rate field. Although the frontend blocks negative values, the backend does not, allowing an authenticated attacker to modify the...
CVE-2026-3702
CVE-2026-3702 affects SourceCodester Loan Management System 1.0. Affected component: the index.php file where manipulating the page argument triggers cross-site scripting (XSS). Exploitation appears to be remote, with a public exploit available. Documented impact is general web-app confidentialit...
CVE-2026-30522
Summary: CVE-2026-30522 affects SourceCodester Loan Management System v1.0. A business logic flaw arises from improper server-side validation allowing negative values for penalty_rate in Loan Plans, despite frontend restrictions. An authenticated attacker can bypass client-side validation by subm...
CVE-2026-30520
SourceCodester Loan Management System v1.0 contains a Blind SQL Injection in ajax.php (save_loan action) where the borrower_id parameter in a POST request is not properly sanitized. An authenticated attacker could inject SQL commands via this input. The affected component is the web application’s...
CVE-2026-30523
CVE-2026-30523 affects SourceCodester Loan Management System v1.0. The vulnerability is a business-logic flaw where the backend does not validate that the loan plan duration (months) is a positive integer, allowing a negative value to be submitted and resulting in a loan plan with negative durati...