cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-9090,https://securityvulnerability.io/vulnerability/CVE-2024-9090,SQL Injection Vulnerability in SourceCodester Modern Loan Management System,"A security vulnerability has been identified in the SourceCodester Modern Loan Management System version 1.0, specifically within the file search_member.php. This vulnerability allows an attacker to manipulate the searchMember argument, resulting in SQL injection attacks. Such vulnerabilities can be exploited remotely, posing a significant risk to environments utilizing this software. Since the exploit information has been publicly disclosed, organizations are urged to assess their systems for this vulnerability and implement necessary security measures to protect against potential database breaches.",SourceCodester,Modern Loan Management System,9.8,CRITICAL,0.0016499999910593033,false,,false,false,false,,,false,false,,2024-09-23T00:15:00.000Z,0
CVE-2024-9089,https://securityvulnerability.io/vulnerability/CVE-2024-9089,Cross Site Scripting Vulnerability Discovered in Modern Loan Management System,"A security flaw has been identified in the SourceCodester Modern Loan Management System 1.0, specifically within the processing of the update_loan_record.php file. This vulnerability enables the manipulation of the 'amount' argument, leading to potential cross-site scripting attacks. Threat actors can initiate these exploits remotely, posing a risk to the integrity of user data. The vulnerability has been publicly disclosed, and it highlights the importance of prompt remediation and security best practices to protect against such risks.",SourceCodester,Modern Loan Management System,5.4,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2024-09-23T00:15:00.000Z,0
CVE-2023-6312,https://securityvulnerability.io/vulnerability/CVE-2023-6312,SourceCodester Loan Management System Users Page deleteUser.php delete_user sql injection,A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246138 is the identifier assigned to this vulnerability.,Sourcecodester,Loan Management System,4.7,MEDIUM,0.0013500000350177288,false,,false,false,false,,,false,false,,2023-11-27T03:15:00.000Z,0
CVE-2023-6311,https://securityvulnerability.io/vulnerability/CVE-2023-6311,SourceCodester Loan Management System Loan Type Page delete_ltype.php delete_ltype sql injection,"A vulnerability in the SourceCodester Loan Management System version 1.0 allows for SQL injection via the delete_ltype function in delete_ltype.php, specifically through the ltype_id argument. This weakness can be exploited by attackers remotely. The public disclosure of this vulnerability raises significant concerns regarding potential unauthorized database access and the integrity of sensitive data. Users of the affected system are strongly advised to implement mitigations and monitor for any unusual activity.",SourceCodester,Loan Management System,7.2,HIGH,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-11-27T02:15:00.000Z,0
CVE-2023-6310,https://securityvulnerability.io/vulnerability/CVE-2023-6310,SourceCodester Loan Management System deleteBorrower.php delete_borrower sql injection,A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-246136.,Sourcecodester,Loan Management System,4.7,MEDIUM,0.0013200000394135714,false,,false,false,false,,,false,false,,2023-11-27T02:15:00.000Z,0
CVE-2022-2666,https://securityvulnerability.io/vulnerability/CVE-2022-2666,SourceCodester Loan Management System login.php sql injection,"A significant vulnerability has been identified in the SourceCodester Loan Management System, specifically affecting the login.php file. This issue arises due to improper handling of the username parameter, which can be exploited for SQL injection attacks. Attackers can initiate these exploits remotely, potentially gaining unauthorized access to sensitive data. Given that this flaw is publicly disclosed, it poses an urgent risk to systems utilizing this software. Organizations using the Loan Management System should act swiftly to implement security measures and patches.",Sourcecodester,Loan Management System,9.8,CRITICAL,0.026990000158548355,false,,false,false,false,,,false,false,,2023-01-07T21:35:27.192Z,0
CVE-2022-2766,https://securityvulnerability.io/vulnerability/CVE-2022-2766,SourceCodester Loan Management System index.php sql injection,A vulnerability was found in SourceCodester Loan Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-206162 is the identifier assigned to this vulnerability.,Sourcecodester,Loan Management System,9.8,CRITICAL,0.009100000374019146,false,,false,false,false,,,false,false,,2022-08-11T09:30:29.000Z,0
CVE-2022-2667,https://securityvulnerability.io/vulnerability/CVE-2022-2667,SourceCodester Loan Management System delete_lplan.php sql injection,A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619.,Sourcecodester,Loan Management System,8.8,HIGH,0.0014299999456852674,false,,false,false,false,,,false,false,,2022-08-05T10:45:49.000Z,0