CVE-2025-9502 | Campcodes Online Loan Management System 1.0 ajax.php?action=save_payment loan_id sql injection
A vulnerability, which was classified as critical, was found in Campcodes Online Loan Management System 1.0. This impacts an unknown function of the file /ajax.php?action=save_payment. Executing manipulation of the argument loan_id can lead to sql injection.
The identification of this vulnerability is CVE-2025-9502. The attack may be launched remotely. Furthermore, there is an exploit available.