CVE-2026-7091

MEDIUM

code-projects Invoice System in Laravel User Management user improper authorization

Title source: cna

Description

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

References (5)

Core 5

Core References

Product product

https://code-projects.org/

Vdb Entry vdb-entry

VDB-359666 | code-projects Invoice System in Laravel User Management user improper authorization

https://vuldb.com/vuln/359666

Signature, Permissions Required signature permissions-required

VDB-359666 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359666/cti

Third Party Advisory third-party-advisory

Submit #800387 | code-projects Invoice System in Laravel 1.0 Broken Access Control + Privilege Escalation

https://vuldb.com/submit/800387

Exploit exploit

https://gist.github.com/higordiego/61e803a7a91df083665f2bcee9489c95

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 10.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

code-projects/Invoice System in Laravel 1.0

Published Apr 27, 2026

Tracked Since Apr 27, 2026