| タイトル | SourceCodester Loan Management System 1.0 Business Logic Errors |
|---|
| 説明 | A business logic vulnerability exists in Loan Management System 1.0. The issue is located in the save_plan action of the file ajax.php. The application fails to validate the 'months' POST parameter, allowing an authenticated attacker to submit negative values. This results in the creation of loan plans with negative durations, leading to corrupted time-based financial calculations and schedule generation. |
|---|
| ソース | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Loan-Management-System/BusinessLogic-LoanPlan-NegativeMonths.md |
|---|
| ユーザー | Anonymous User |
|---|
| 送信 | 2026年03月25日 03:10 (25 日 ago) |
|---|
| モデレーション | 2026年04月08日 17:14 (15 days later) |
|---|
| ステータス | 重複 |
|---|
| VulDBエントリ | 354681 [SourceCodester Loan Management System 1.0 Loan Plans 月] |
|---|
| ポイント | 0 |
|---|