PT-2024-39424 · Sourcecodester · Sourcecodester Loan Management System
Shawroot · Published 2024-09-22 · Updated 2024-09-27 · CVE-2024-9090
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SourceCodester Modern Loan Management System version 1.0
Description
A critical issue has been found, allowing for SQL injection through the manipulation of the searchMember argument in the file search member.php. This can be exploited remotely. The issue has been publicly disclosed and may be used for attacks.
Recommendations
For SourceCodester Modern Loan Management System version 1.0, as a temporary workaround, consider restricting access to the search member.php file or disabling the function that handles the searchMember argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Loan Management System