| Título | code-projects Invoice System in Laravel 1.0 Information Disclosure |
|---|
| Descrição | The /item API endpoint, used to populate the invoice creation form, does not enforce authentication or authorization. Any user (including unauthenticated guests) can access this endpoint to retrieve the full catalog of items, including internal names, prices, and descriptions. |
|---|
| Fonte | ⚠️ https://gist.github.com/higordiego/579622f7596354ade69e235b8e1cb88b |
|---|
| Utilizador | c4ttr4ck (UID 75518) |
|---|
| Submissão | 09/04/2026 03h49 (há 2 meses) |
|---|
| Moderação | 26/04/2026 16h45 (18 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 359710 [code-projects Invoice System in Laravel 1.0 API Endpoint /item Elevação de Privilégios] |
|---|
| Pontos | 17 |
|---|