CVE-2026-30520

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Mar 31, 2026

Vendor unknown

Description

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands.

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Loan-Management-System/SQLi-SaveLoan-borrowerId.md