| Title | SourceCodester Loan Management System 1.0 Business Logic Errors |
|---|
| Description | A business logic vulnerability exists in Loan Management System 1.0. The issue is located in the save_plan action of the file ajax.php. The application fails to validate the 'months' POST parameter, allowing an authenticated attacker to submit negative values. This results in the creation of loan plans with negative durations, leading to corrupted time-based financial calculations and schedule generation. |
|---|
| Source | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Loan-Management-System/BusinessLogic-LoanPlan-NegativeMonths.md |
|---|
| User | Anonymous User |
|---|
| Submission | 03/25/2026 03:10 (16 days ago) |
|---|
| Moderation | 04/08/2026 17:14 (15 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 354681 [SourceCodester Loan Management System 1.0 Loan Plans months logic error] |
|---|
| Points | 0 |
|---|