code-projects Invoice System in Laravel User Management user improper authorization

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Basic Information

ID CVE-2026-7091

Source VulDB

Published Apr 27, 2026 at 05:30

Affected Product

Vendor code-projects

Product Invoice System in Laravel

Version 1.0

Affected Versions code-projects Invoice System in Laravel 1.0

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.",
    "published": "2026-04-27T05:30:11.929Z",
    "modified": "2026-04-27T05:30:11.929Z",
    "type": "cve",
    "title": "code-projects Invoice System in Laravel User Management user improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359666\nhttps://vuldb.com/vuln/359666/cti\nhttps://vuldb.com/submit/800387\nhttps://gist.github.com/higordiego/61e803a7a91df083665f2bcee9489c95\nhttps://code-projects.org/",
    "id": "CVE-2026-7091",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "code-projects Invoice System in Laravel 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Invoice System in Laravel",
    "version": "1.0",
    "vendor": "code-projects",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

code-projects Invoice System in Laravel User Management user improper authorization_CVE-2026-7091