Loan management system
This hub aggregates every CVE we track for Loan management system, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
17
CVEs tracked
2
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM13HIGH2CRITICAL2
Monthly trend
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
3
2
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Loan management system.
- CVE-2026-30523A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which de...6.5
- CVE-2026-30522A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specifi...6.5
- CVE-2026-30521A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specifi...6.5
- CVE-2026-30520A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fail...5.4
- CVE-2026-3702SourceCodester Loan Management System index.php cross site scripting4.3
- CVE-2024-48415itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters i...5.0
- CVE-2024-6192itsourcecode Loan Management System Login Page login.php sql injection7.3
- CVE-2024-31678Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file.9.8
- CVE-2023-6312SourceCodester Loan Management System Users Page deleteUser.php delete_user sql injection4.7
- CVE-2023-6311SourceCodester Loan Management System Loan Type Page delete_ltype.php delete_ltype sql injection4.7
- CVE-2023-6310SourceCodester Loan Management System deleteBorrower.php delete_borrower sql injection4.7
- CVE-2023-27242SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.5.4
- CVE-2022-2666SourceCodester Loan Management System login.php sql injection6.3
- CVE-2022-37138Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form.9.8
- CVE-2022-37139Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.5.4
Product normalization is registry-driven with AI assist and human review. How it works