6 results (0.009 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. • https://github.com/kaikai-11/Loan-Management-System https://github.com/kaikai-11/Loan-Management-System/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/cxaqhq/Loan-Management-System-Sqlinjection https://vuldb.com/?ctiid.205618 https://vuldb.com/?id.205618 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. Loan Management System versión 1.0, es vulnerable a una inyección SQL en la página de inicio de sesión, lo que permite a usuarios no autorizados iniciar sesión como administrador tras inyectar el formulario de nombre de usuario • https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Loan Management System versión 1.0 sufre una vulnerabilidad persistente de cross site scripting • https://github.com/saitamang/POC-DUMP/blob/main/Loan%20Management%20System/README.md https://www.sourcecodester.com/php/15529/loan-management-system-oop-php-mysqlijquery-free-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. • https://github.com/Drun1baby/CVE_Pentest/blob/main/Loan%20Management%20System%20CMS/images/sql01.png https://vuldb.com/?id.206162 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •