PT-2026-29533 · Sourcecodester · Alton Management System

Meifukun · Published 2026-04-01 · Updated 2026-04-01 · CVE-2026-30523

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions
SourceCodester Loan Management System version 1.0

Description
A business logic flaw exists because the application does not properly validate input. Specifically, the system allows administrators to define 'Loan Plans' with a duration in months, but it does not verify that the duration is a positive integer. An attacker can submit a negative value for the months parameter, and the system will accept this invalid data, creating a loan plan with a negative duration.

Recommendations
Ensure that the duration value for loan plans is validated to be a positive integer.
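
One way to implement the recommended check, as an added example that is not code from the application or the advisory: a server-side parser for the months parameter, written in PHP on the assumption that the application is a PHP code base. The function name parse_plan_months, the MAX_PLAN_MONTHS upper bound and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the application's code. Only the "months" field name
// comes from the advisory; every other name and value here is an assumption.
const MAX_PLAN_MONTHS = 360; // assumed business limit on plan length

/**
 * Return the plan duration as an int, or null when the raw request value
 * is not a whole number of months between 1 and MAX_PLAN_MONTHS.
 */
function parse_plan_months(mixed $raw): ?int
{
    // Request parameters can arrive as arrays (months[]=12) or be missing.
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $raw = (string) $raw;

    // Digits only: rejects signs, decimals, exponents, whitespace and "".
    if (!ctype_digit($raw)) {
        return null;
    }

    // Range check: rejects 0, leading zeros, values above the limit and
    // digit strings too long to fit in an int.
    $months = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => MAX_PLAN_MONTHS],
    ]);

    return $months === false ? null : $months;
}

// Constructed request values, including the negative duration the
// advisory describes.
$samples = ['12', '-12', '0', '1.5', '1e2', ' 7', '012', '9999', ['12']];

foreach ($samples as $raw) {
    $months = parse_plan_months($raw);
    printf(
        "%-8s => %s\n",
        json_encode($raw),
        $months === null ? 'rejected' : "accepted ({$months})"
    );
}
```

The check has to run on the server before the plan is stored; a min attribute on the form field does not stop a crafted request.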

Weakness Enumeration

Related Identifiers

CVE-2026-30523

Affected Products

Alton Management System