PT-2024-24186 · Sourcecodester · Sourcecodester Loan Management System

Xuanluansec · Published 2024-04-11 · Updated 2024-08-01 · CVE-2024-31678

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sourcecodester Loan Management System version 1.0

Description

The issue concerns SQL Injection via the password parameter in the "login.php" file. This allows for potential unauthorized access to sensitive data. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations

For Sourcecodester Loan Management System version 1.0, consider restricting access to the "login.php" file or disabling the password parameter until a patch is available. Avoid using the password parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-31678

Affected Products

Sourcecodester Loan Management System