Security Advisory

CVE-2026-30520

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 00:00:00

Last updated 2026-04-06 13:50:08

Assigner mitre

State PUBLISHED

Description

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands.

← Browse all CVEs View on cve.org ↗