CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9090 – SourceCodester Modern Loan Management System search_member.php sql injection
https://notcve.org/view.php?id=CVE-2024-9090
A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file search_member.php. The manipulation of the argument searchMember leads to sql injection. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.278268 https://vuldb.com/?id.278268 https://vuldb.com/?submit.411879 https://www.shawroot.cc/2810.html https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9089 – SourceCodester Modern Loan Management System update_loan_record.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-9089
A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipulation of the argument amount leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.278267 https://vuldb.com/?id.278267 https://vuldb.com/?submit.411877 https://www.shawroot.cc/2807.html https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •