| Title | code-projects Invoice System in Laravel 1.0 Information Disclosure |
|---|---|
| Description | The /item API endpoint, used to populate the invoice creation form, does not enforce authentication or authorization. Any user (including unauthenticated guests) can access this endpoint to retrieve the full catalog of items, including internal names, prices, and descriptions. |
| Source | ⚠️ https://gist.github.com/higordiego/579622f7596354ade69e235b8e1cb88b |
| User | c4ttr4ck (UID 75518) |
| Submission | 09.04.2026 03:49 (2 months ago) |
| Moderation | 26.04.2026 16:45 (18 days later) |
| Status | accepted |
| VulDB Entry | 359710 [code-projects Invoice System in Laravel 1.0 API Endpoint /item privilege escalation] |
| Points | 17 |