CVE-2026-7092

MEDIUM CVSS 6.3 View on NVD ↗

Description

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References

https://code-projects.org/
https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e
https://vuldb.com/submit/800388
https://vuldb.com/vuln/359667
https://vuldb.com/vuln/359667/cti

Published: Apr 27, 2026 07:16 UTC Modified: Apr 27, 2026 18:38 UTC