CVE-2026-30523
CVE-2026-30523 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). However, the backend fails to validate that the duration must be a positive integer. An attacker can submit a negative value for the months parameter. The system accepts this invalid data and creates a loan plan with a negative duration.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oretnom23 | Loan Management System | 1.0 |
Timeline
- Status: Analyzed
Source: NVD / NIST
