CVE-2026-30522
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering negative numbers in the "Monthly Overdue Penalty" field, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the penalty_rate.
Frequently Asked Questions
What is the severity of CVE-2026-30522?
This entry does not carry a CVSS score. CVE-2026-30522 is a business logic flaw (missing server-side input validation) rather than a memory-safety or injection bug, and its direct impact is on the integrity of the loan management system: a privileged user can persist a loan plan whose penalty rate is negative, a state the application was never meant to allow.
How do I fix CVE-2026-30522?
To fix CVE-2026-30522, validate penalty_rate on the server when a loan plan is created: reject any value that is not a number or that is below zero, and return an error instead of storing the plan. The frontend restriction on the "Monthly Overdue Penalty" field is only a convenience for users; anyone who can send a raw HTTP POST can omit it, so the client-side check must never be the only one. It is also worth auditing plans that already exist in the database for negative rates, since the fix does not retroactively clean up stored data.
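As an added illustration (not code from SourceCodester Loan Management System or its maintainers), the following PHP contrasts the two handler patterns the description and the fix above describe: a handler that stores penalty_rate exactly as the client sent it, and one that re-validates it on the server. Only the field name penalty_rate comes from the advisory; the function names, the in-memory plan store and the sample requests are constructed for this example. The hardened version also rejects non-numeric and non-finite input, which goes beyond the negative-value case the advisory reports.

```php
<?php
// Added illustration, not code from SourceCodester Loan Management System.
// penalty_rate is the field named in the advisory; everything else here
// (function names, the $plans array, the sample requests) is assumed.

// Vulnerable pattern: trust whatever the client sent. The form's
// "no negative numbers" control never reaches the server, so a crafted
// POST with penalty_rate=-10 is stored unchanged.
function save_plan_vulnerable(array $post, array &$plans): bool
{
    $plans[] = [
        'plan_name'    => $post['plan_name'],
        'penalty_rate' => $post['penalty_rate'],
    ];
    return true;
}

// Hardened pattern: re-validate on the server and normalise the type.
// Returns the accepted rate, or null when the input must be rejected.
function validate_penalty_rate($raw): ?float
{
    if (!is_string($raw) && !is_int($raw) && !is_float($raw)) {
        return null; // arrays, null, missing field
    }
    // FILTER_VALIDATE_FLOAT rejects non-numeric strings ("abc", "1e");
    // min_range/max_range reject negative rates and absurdly large ones
    // (the 100% monthly cap is an assumed business rule for this example).
    $value = filter_var($raw, FILTER_VALIDATE_FLOAT, [
        'options' => ['min_range' => 0.0, 'max_range' => 100.0],
    ]);
    if ($value === false || !is_finite($value)) {
        return null;
    }
    return $value;
}

function save_plan_hardened(array $post, array &$plans, ?string &$error = null): bool
{
    $rate = validate_penalty_rate($post['penalty_rate'] ?? null);
    if ($rate === null) {
        $error = 'penalty_rate must be a number between 0 and 100';
        return false;
    }
    $name = trim((string)($post['plan_name'] ?? ''));
    if ($name === '') {
        $error = 'plan_name is required';
        return false;
    }
    $plans[] = ['plan_name' => $name, 'penalty_rate' => $rate];
    return true;
}

// Constructed sample requests: the first is what the form would send, the
// second is the crafted POST from the advisory, the rest are other inputs
// a client-side check alone would not stop.
$requests = [
    ['plan_name' => 'Standard', 'penalty_rate' => '2.5'],    // legitimate
    ['plan_name' => 'Rebate',   'penalty_rate' => '-10'],    // crafted POST
    ['plan_name' => 'Huge',     'penalty_rate' => '1e309'],  // overflows
    ['plan_name' => 'Text',     'penalty_rate' => 'abc'],    // not a number
];

$vulnerable = [];
$hardened   = [];
foreach ($requests as $req) {
    save_plan_vulnerable($req, $vulnerable);
    $err = null;
    $ok  = save_plan_hardened($req, $hardened, $err);
    printf("%-8s penalty_rate=%-6s hardened handler: %s\n",
        $req['plan_name'], $req['penalty_rate'],
        $ok ? 'accepted' : "rejected ($err)");
}
printf("vulnerable store holds %d plans, hardened store holds %d\n",
    count($vulnerable), count($hardened));
```

Run it with `php validate.php` (PHP 7.4 or later, which is when `min_range`/`max_range` became available for `FILTER_VALIDATE_FLOAT`). The vulnerable store ends up with all four plans, including the negative and non-numeric rates; the hardened store keeps only the legitimate one. The same validation belongs in any update path for loan plans as well, not just creation.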
What software is affected by CVE-2026-30522?
CVE-2026-30522 affects SourceCodester Loan Management System version 1.0.
What are the consequences of CVE-2026-30522?
The consequences of CVE-2026-30522 are integrity loss in loan plan configuration and potential financial loss: the penalty rate is meant to be charged on overdue payments, so a plan stored with a negative rate reverses the intended effect of the penalty and produces loans that are managed on invalid terms.
Who is vulnerable to CVE-2026-30522?
Administrators using SourceCodester Loan Management System version 1.0 are vulnerable to CVE-2026-30522 due to insufficient validation on loan plan configurations.