| Title | code-projects Invoice System in Laravel 1.0 Information Disclosure |
|---|---|
| Description | The /item API endpoint, used to populate the invoice creation form, does not enforce authentication or authorization. Any user (including unauthenticated guests) can access this endpoint to retrieve the full catalog of items, including internal names, prices, and descriptions. |
| Source | ⚠️ https://gist.github.com/higordiego/579622f7596354ade69e235b8e1cb88b |
| User | c4ttr4ck (UID 75518) |
| Submission | 09/04/2026 03:49 AM (2 months ago) |
| Moderation | 26/04/2026 04:45 PM (18 days later) |
| Status | Accepted |
| VulDB Entry | 359710 [code-projects Invoice System in Laravel 1.0 API Endpoint /item privilege escalation] |
| Points | 17 |