CVE-2026-7107

code-projects Invoice System in Laravel company unrestricted upload

CVSS 5.3 MEDIUMEPSS 0.2%CWE-284 CWE-434

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

code-projects · Invoice System in Laravel

PoCs públicas encontradas — 1

cve_referencegist.github.com/higordiego/ea5944bd29cffee1162491d60ed5785anão verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://code-projects.org/https://gist.github.com/higordiego/ea5944bd29cffee1162491d60ed5785a https://vuldb.com/submit/800690 https://vuldb.com/vuln/359708 https://vuldb.com/vuln/359708/cti