Submit #800388: code-projects Invoice System in Laravel 1.0 Insecure Direct Object Reference (IDOR)info

Titlecode-projects Invoice System in Laravel 1.0 Insecure Direct Object Reference (IDOR)
DescriptionThe profile workflow uses a user-controlled id in the route and fails to verify that the requested profile belongs to the authenticated user. This allows an attacker to view or modify any user's profile data by simply changing the ID in the URL.
Source⚠️ https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e
User
 c4ttr4ck (UID 75518)
Submission04/09/2026 00:17 (3 months ago)
Moderation04/26/2026 10:49 (17 days later)
StatusAccepted
VulDB entry359667 [code-projects Invoice System in Laravel 1.0 Profile /profile/ ID improper authorization]
Points16

Want to stay up to date on a daily basis?

Enable the mail alert feature now!