CVE-2026-7092

MEDIUM

code-projects Invoice System in Laravel Profile profile improper authorization

Title source: cna

Description

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-359667 | code-projects Invoice System in Laravel Profile profile improper authorization

https://vuldb.com/vuln/359667

Signature, Permissions Required signature permissions-required

VDB-359667 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359667/cti

Third Party Advisory third-party-advisory

Submit #800388 | code-projects Invoice System in Laravel 1.0 Insecure Direct Object Reference (IDOR)

https://vuldb.com/submit/800388

Exploit exploit

https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e

Product product

https://code-projects.org/

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 10.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

code-projects/Invoice System in Laravel 1.0

Published Apr 27, 2026

Tracked Since Apr 27, 2026