CVE-2026-7093

MEDIUM

code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization

Title source: cna

Description

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

References (5)

Core 5

Core References

Product product

https://code-projects.org/

Vdb Entry, Technical Description vdb-entry technical-description

VDB-359668 | code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization

https://vuldb.com/vuln/359668

Signature, Permissions Required signature permissions-required

VDB-359668 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359668/cti

Third Party Advisory third-party-advisory

Submit #800389 | code-projects Invoice System in Laravel 1.0 Invoice System in Laravel

https://vuldb.com/submit/800389

Exploit exploit

https://gist.github.com/higordiego/1d1a2b84768e4f80c673bd27be32c256

Scores

CVSS v3 6.3

EPSS 0.0020

EPSS Percentile 10.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (1)

code-projects/Invoice System in Laravel 1.0

Published Apr 27, 2026

Tracked Since Apr 27, 2026