PT-2026-29324 · Oretnom23 · Alton Management System

Meifukun

·

Publicado

2026-03-31

·

Atualizado

2026-03-31

·

CVE-2026-30520

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save loan action). The application fails to properly sanitize user input supplied to the "borrower id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2026-30520

Produtos afetados

Alton Management System