| 제목 | SourceCodester Loan Management System 1.0 Business Logic Errors |
|---|
| 설명 | A business logic vulnerability exists in Loan Management System 1.0. The issue is located in the save_plan action of the file ajax.php. The application fails to validate the 'months' POST parameter, allowing an authenticated attacker to submit negative values. This results in the creation of loan plans with negative durations, leading to corrupted time-based financial calculations and schedule generation. |
|---|
| 원천 | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Loan-Management-System/BusinessLogic-LoanPlan-NegativeMonths.md |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2026. 03. 25. AM 03:10 (17 날 ago) |
|---|
| 모더레이션 | 2026. 04. 08. PM 05:14 (15 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 354681 [SourceCodester Loan Management System 1.0 Loan Plans 개월] |
|---|
| 포인트들 | 0 |
|---|