CVE-2026-30520
EUVD-2026-1758131.03.2026, 18:16
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| oretnom23 | loan_management_system | 1.0 |
𝑥
= Vulnerable software versions