CVE-2026-7092

code-projects Invoice System in Laravel Profile profile improper authorization

CVSS 5.3 MEDIUMEPSS 0.2%CWE-266 CWE-285

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

code-projects · Invoice System in Laravel

PoCs públicas encontradas — 1

cve_referencegist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4enão verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://code-projects.org/https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e https://vuldb.com/submit/800388 https://vuldb.com/vuln/359667 https://vuldb.com/vuln/359667/cti