| Title | code-projects Invoice System in Laravel 1.0 Information Disclosure |
|---|---|
| Description | The /item API endpoint, used to populate the invoice creation form, does not enforce authentication or authorization. Any user (including unauthenticated guests) can access this endpoint to retrieve the full catalog of items, including internal names, prices, and descriptions. |
| Source | ⚠️ https://gist.github.com/higordiego/579622f7596354ade69e235b8e1cb88b |
| User | c4ttr4ck (UID 75518) |
| Submission | 2026-04-09 03:49 (2 months ago) |
| Moderation | 2026-04-26 16:45 (18 days later) |
| Status | Accepted |
| VulDB entry | 359710 [code-projects Invoice System in Laravel 1.0 API Endpoint /item Privilege Escalation] |
| Points | 17 |