Submit #800389: code-projects Invoice System in Laravel 1.0 Invoice System in Laravel

Title: code-projects Invoice System in Laravel 1.0 Invoice System in Laravel
Description: Invoice records are accessed by raw ID without validating that the record belongs to the requesting company (tenant). While the index view is scoped, direct access to a specific invoice allows an attacker to view or edit invoices from any other company in the system.
Source: https://gist.github.com/higordiego/1d1a2b84768e4f80c673bd27be32c256
User: c4ttr4ck (UID 75518)
Submission: 09/04/2026 00:19 (2 months ago)
Moderation: 26/04/2026 10:49 (17 days later)
Status: Accepted
VulDB entry: 359668 [code-projects Invoice System in Laravel 1.0 Invoice Endpoint /invoice/ ID privilege escalation]
Points: 17
