CVE-2024-6192

Name of the Vulnerable Software and Affected Versions Loan Management System version 1.0

Description A critical vulnerability was found in the Loan Management System, affecting the file login.php of the Login Page component. The manipulation of the username argument leads to SQL injection. The attack can be initiated remotely.

Recommendations For Loan Management System version 1.0, as a temporary workaround, consider disabling the login functionality or restricting access to the login.php file until a patch is available. Avoid using the username parameter in the login.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.