CVE-2026-7091

Name of the Vulnerable Software and Affected Versions code-projects Invoice System in Laravel version 1.0

Description An improper authorization flaw exists within the User Management Handler component. Specifically, manipulating the ID parameter in the '/user' endpoint allows remote attackers to gain unauthorized access to user-management functionality. This is a direct access-control issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. Avoid using the ID parameter in the '/user' endpoint until the issue is resolved.