Skip to main content

Loan Management System

12 CVEs product

Monthly

CVE-2026-30522 MEDIUM POC This Month

SourceCodester Loan Management System v1.0 allows authenticated administrators to submit negative penalty rates for loan overdue payments by bypassing client-side validation through direct HTTP POST manipulation, enabling financial fraud through reversed penalty calculations that benefit borrowers instead of lenders. The vulnerability requires authenticated access but no CVSS score, EPSS probability, or formal patch status is available; however, publicly available exploit code confirms the vulnerability's technical feasibility.

Authentication Bypass Loan Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-48415 MEDIUM This Month

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Loan Management System
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2024-6192 MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Loan Management System
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.6%
CVE-2024-31678 CRITICAL POC Act Now

Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Loan Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-6312 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6311 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical.php of the component Loan Type Page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6310 HIGH POC This Week

A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-27242 MEDIUM POC This Month

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Loan Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-37139 MEDIUM POC This Month

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Loan Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-37138 CRITICAL POC Act Now

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Loan Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2766 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Loan Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-2667 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SourceCodester Loan Management System v1.0 allows authenticated administrators to submit negative penalty rates for loan overdue payments by bypassing client-side validation through direct HTTP POST manipulation, enabling financial fraud through reversed penalty calculations that benefit borrowers instead of lenders. The vulnerability requires authenticated access but no CVSS score, EPSS probability, or formal patch status is available; however, publicly available exploit code confirms the vulnerability's technical feasibility.

Authentication Bypass Loan Management System
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM This Month

itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in. Rated medium severity (CVSS 5.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Loan Management System
NVD GitHub
EPSS 1% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Loan Management System
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Loan Management System
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical.php of the component Loan Type Page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH POC This Week

A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Loan Management System
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Loan Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Loan Management System
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability was found in SourceCodester Loan Management System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System and classified as critical.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy