| Title | code-projects Invoice System in Laravel 1.0 Invoice System in Laravel |
|---|---|
| Description | Invoice records are accessed by raw ID without validating that the record belongs to the requesting company (tenant). While the index view is scoped, direct access to a specific invoice allows an attacker to view or edit invoices from any other company in the system. |
| Source | ⚠️ https://gist.github.com/higordiego/1d1a2b84768e4f80c673bd27be32c256 |
| User | c4ttr4ck (UID 75518) |
| Submission | 09/04/2026 12:19 AM (18 days ago) |
| Moderation | 26/04/2026 10:49 AM (17 days later) |
| Status | Accepted |
| VulDB Entry | 359668 [code-projects Invoice System in Laravel 1.0 Invoice Endpoint /invoice/ ID authorization bypass] |
| Points | 17 |