| Título | SourceCodester Loan Management System 1.0 Business Logic Errors |
|---|
| Descrição | A business logic vulnerability exists in Loan Management System 1.0. The issue is located in the save_plan action of the file ajax.php. The application fails to validate the 'months' POST parameter, allowing an authenticated attacker to submit negative values. This results in the creation of loan plans with negative durations, leading to corrupted time-based financial calculations and schedule generation. |
|---|
| Fonte | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Loan-Management-System/BusinessLogic-LoanPlan-NegativeMonths.md |
|---|
| Utilizador | Anonymous User |
|---|
| Submissão | 25/03/2026 03h10 (há 16 dias) |
|---|
| Moderação | 08/04/2026 17h14 (15 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada VulDB | 354681 [SourceCodester Loan Management System 1.0 Loan Plans meses] |
|---|
| Pontos | 0 |
|---|