code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Basic Information

ID CVE-2026-7093

Source VulDB

Published Apr 27, 2026 at 06:00

Affected Product

Vendor code-projects

Product Invoice System in Laravel

Version 1.0

Affected Versions code-projects Invoice System in Laravel 1.0

CWE Classification

CWE-285 CWE-266

References

{
    "lastseen": "",
    "description": "A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
    "published": "2026-04-27T06:00:16.743Z",
    "modified": "2026-04-27T06:00:16.743Z",
    "type": "cve",
    "title": "code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/359668\nhttps://vuldb.com/vuln/359668/cti\nhttps://vuldb.com/submit/800389\nhttps://gist.github.com/higordiego/1d1a2b84768e4f80c673bd27be32c256\nhttps://code-projects.org/",
    "id": "CVE-2026-7093",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "code-projects Invoice System in Laravel 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Invoice System in Laravel",
    "version": "1.0",
    "vendor": "code-projects",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization_CVE-2026-7093