Blind SQL Injection Vulnerability in SourceCodester Loan Management System
CVE-2026-30520

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 31 March 2026

What is CVE-2026-30520?

A Blind SQL Injection vulnerability exists in the SourceCodester Loan Management System version 1.0, specifically located within the ajax.php file related to the save_loan action. This security flaw stems from improper sanitization of user input in the 'borrower_id' parameter during POST requests. As a result, authenticated attackers can exploit this vulnerability to execute malicious SQL commands, potentially manipulating the database and compromising sensitive information.
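
The injection class described above, shown as a vulnerable pattern beside a hardened one. This is an added example and not code from the Loan Management System: the function names, table layout and the in-memory SQLite database (via pdo_sqlite) are assumptions chosen so that it runs offline.

```php
<?php
// Added example. Table, column and function names are hypothetical, and an
// in-memory SQLite database (pdo_sqlite) stands in for the real backend.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE borrowers (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE loans (id INTEGER PRIMARY KEY, borrower_id INTEGER, amount REAL)');
$db->exec("INSERT INTO borrowers (id, name) VALUES (1, 'Constructed Borrower')");

// Vulnerable pattern: POST values are concatenated into the statement,
// so their text is parsed as SQL instead of being treated as data.
function save_loan_unsafe(PDO $db, array $post): void
{
    $db->exec("INSERT INTO loans (borrower_id, amount)
               VALUES ({$post['borrower_id']}, {$post['amount']})");
}

// Hardened pattern: strict type validation, a referential check, and bound
// parameters so the value can never change the statement's structure.
function save_loan_safe(PDO $db, array $post): int
{
    $borrowerId = filter_var($post['borrower_id'] ?? null, FILTER_VALIDATE_INT,
                             ['options' => ['min_range' => 1]]);
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($borrowerId === false || $amount === false || $amount <= 0) {
        throw new InvalidArgumentException('invalid borrower_id or amount');
    }
    $check = $db->prepare('SELECT 1 FROM borrowers WHERE id = :id');
    $check->execute([':id' => $borrowerId]);
    if ($check->fetchColumn() === false) {
        throw new InvalidArgumentException('unknown borrower');
    }
    $stmt = $db->prepare('INSERT INTO loans (borrower_id, amount) VALUES (:b, :a)');
    $stmt->execute([':b' => $borrowerId, ':a' => $amount]);
    return (int) $db->lastInsertId();
}

// Constructed input: a harmless arithmetic expression where an ID is expected.
$constructed = ['borrower_id' => '1+1', 'amount' => '250.00'];

save_loan_unsafe($db, $constructed);   // the database evaluates the expression
$stored = $db->query('SELECT borrower_id FROM loans ORDER BY id DESC LIMIT 1')->fetchColumn();
echo "unsafe path stored borrower_id = {$stored}\n";
try {
    save_loan_safe($db, $constructed);
} catch (InvalidArgumentException $e) {
    echo "safe path rejected input: {$e->getMessage()}\n";
}
echo 'safe path inserted loan id ' . save_loan_safe($db, ['borrower_id' => '1', 'amount' => '250.00']) . "\n";
```

Because the unsafe path lets the database evaluate whatever arrives in `borrower_id`, the response carries no visible error and the flaw only shows up in stored data or query behaviour, which is what makes the blind variant easy to miss in testing.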

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
