| Título | SourceCodester Loan Management System 1.0 Business Logic Errors |
|---|
| Descripción | A business logic vulnerability exists in Loan Management System 1.0. The issue is located in the save_plan action of the file ajax.php. The application fails to validate the 'months' POST parameter, allowing an authenticated attacker to submit negative values. This results in the creation of loan plans with negative durations, leading to corrupted time-based financial calculations and schedule generation. |
|---|
| Fuente | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Loan-Management-System/BusinessLogic-LoanPlan-NegativeMonths.md |
|---|
| Usuario | Anonymous User |
|---|
| Sumisión | 2026-03-25 03:10 (hace 25 días) |
|---|
| Moderación | 2026-04-08 17:14 (15 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada de VulDB | 354681 [SourceCodester Loan Management System 1.0 Loan Plans meses] |
|---|
| Puntos | 0 |
|---|