### Key Information

1. **Vulnerability ID**:
   - VDB-278268
   - CVE-2024-9090

2. **Vulnerability Name**:
   - SourceCodester Modern Loan Management System 1.0 Search_member.php SearchMember SQL Injection

3. **Affected File**:
   - search_member.php

4. **Vulnerability Description**:
   - The vulnerability exists in the `search_member.php` file of SourceCodester Modern Loan Management System 1.0.
   - Manipulating the `searchMember` parameter with externally-influenced input leads to SQL injection.
   - Classified under CWE-89: the software constructs all or part of an SQL command using externally-influenced input.

5. **Impact**:
   - Special elements in the input are not neutralized, or are incorrectly neutralized, when the file builds its SQL command, so the intended command can be modified when it is sent to a downstream component.
   - Impacts the confidentiality, integrity, and availability of data.

6. **Scoring**:
   - CVSS Meta Temp Score: 6.0
   - Current Exploit Price: $0-$5k
   - CTI Interest Score: 3.50

7. **Exploitability**:
   - Can be exploited remotely.
   - Publicly disclosed and potentially exploitable.

8. **Exploitation Tools**:
   - Vulnerable targets can be identified by searching for `inurl:search_member.php`.
   - Vulnerable targets can also be found via Google Hacking.

9. **Recommendations**:
   - Replace the affected component.
   - Refer to similar entries such as VDB-278267 for additional context.

### Summary

This vulnerability is an SQL injection flaw located in the `search_member.php` file of SourceCodester Modern Loan Management System 1.0. It allows attackers to construct or partially construct SQL commands via externally-influenced input, potentially compromising the confidentiality, integrity, and availability of data.
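
The CWE-89 pattern described above, next to a parameterized form, as an added example that is not code from the affected product. The `member` table, its columns, the sample rows and both function names are assumptions, since the real query in `search_member.php` is not shown on this page; it assumes PHP with the `pdo_sqlite` extension.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for the application's member table (hypothetical schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO member (name) VALUES ('Alice Reyes'), ('Dan O''Brien'), ('100% Loans Ltd')");

// CWE-89 pattern: the request value becomes part of the SQL text itself.
function searchConcatenated(PDO $pdo, string $searchMember): array
{
    $sql = "SELECT id, name FROM member WHERE name LIKE '%" . $searchMember . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the SQL text is fixed, the value is bound as data,
// and LIKE wildcards in the value are escaped so they match literally.
function searchParameterized(PDO $pdo, string $searchMember): array
{
    $escaped = addcslashes($searchMember, '%_\\');
    $stmt = $pdo->prepare("SELECT id, name FROM member WHERE name LIKE :term ESCAPE '\\'");
    $stmt->execute([':term' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: an ordinary surname that contains a quote character.
$input = "O'Brien";

try {
    searchConcatenated($pdo, $input);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    // The quote ended the string literal early, so the input changed the statement's structure.
    echo "concatenated: input altered the SQL text (" . $e->getMessage() . ")\n";
}

// The same input is only ever compared against the name column here.
echo "parameterized: " . json_encode(searchParameterized($pdo, $input)) . "\n";

// A bare wildcard is matched as a literal percent sign, not as "match everything".
echo "wildcard input: " . json_encode(searchParameterized($pdo, '%')) . "\n";
```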