CVE-2026-7092

code-projects Invoice System in Laravel Profile profile improper authorization

CVSS 5.3 MEDIUMEPSS 0.2%CWE-266 CWE-285

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

code-projects · Invoice System in Laravel

PoCs públicas encontradas — 1

cve_referencegist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4eno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://code-projects.org/https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e https://vuldb.com/submit/800388 https://vuldb.com/vuln/359667 https://vuldb.com/vuln/359667/cti