Business Logic Flaw in Loan Management System from SourceCodester
CVE-2026-30523

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 1 April 2026

What is CVE-2026-30523?

The SourceCodester Loan Management System version 1.0 contains a business logic flaw caused by inadequate input validation. The application lets administrators define 'Loan Plans' with a duration in months, but it does not enforce that the duration is a positive integer. An attacker can therefore submit a negative value for the months parameter; the system accepts the invalid data and creates a loan plan with a negative duration, which can compromise the integrity of the loan management process.
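One way to enforce the missing rule, as an added example that is not SourceCodester's code: the value is validated server-side before it is stored, and a database CHECK constraint refuses a non-positive duration even when a code path skips that validation. The `loan_plan` table, the function names and the 360-month ceiling are assumptions made for the illustration.

```python
import sqlite3

MAX_MONTHS = 360  # assumed ceiling for a plan's duration; not from the advisory


def parse_months(raw):
    """Return the submitted duration as a positive int, or raise ValueError."""
    text = str(raw).strip()
    # ASCII digits only: rejects "-12", "+5", "1.5", "1e3", "" and Unicode digits.
    if not (text.isascii() and text.isdigit()):
        raise ValueError("months must be a whole number")
    months = int(text)
    if not 1 <= months <= MAX_MONTHS:
        raise ValueError(f"months must be between 1 and {MAX_MONTHS}")
    return months


def open_db():
    """Hypothetical schema; the CHECK holds even if a code path skips parse_months."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE loan_plan ("
        " id INTEGER PRIMARY KEY,"
        " months INTEGER NOT NULL CHECK ("
        f"  typeof(months) = 'integer' AND months BETWEEN 1 AND {MAX_MONTHS}))"
    )
    return db


def save_plan(db, raw_months):
    """Validate the request value, then insert it with a bound parameter."""
    cur = db.execute(
        "INSERT INTO loan_plan (months) VALUES (?)", (parse_months(raw_months),)
    )
    return cur.lastrowid


def db_rejects(db, months):
    """True if the database itself refuses the value (validation bypassed)."""
    try:
        db.execute("INSERT INTO loan_plan (months) VALUES (?)", (months,))
    except sqlite3.IntegrityError:
        return True
    return False
```

The same two layers apply whatever language the form handler is written in: reject the request value before it reaches the query, and keep the constraint in the schema so stored plans cannot hold a negative duration.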

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
