CVE-2026-7107

code-projects Invoice System in Laravel company unrestricted upload

CVSS 5.3 MEDIUMEPSS 0.2%CWE-284 CWE-434

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

code-projects · Invoice System in Laravel

PoCs públicas encontradas — 1

cve_referencegist.github.com/higordiego/ea5944bd29cffee1162491d60ed5785ano verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://code-projects.org/https://gist.github.com/higordiego/ea5944bd29cffee1162491d60ed5785a https://vuldb.com/submit/800690 https://vuldb.com/vuln/359708 https://vuldb.com/vuln/359708/cti