Vulnerabilities ›

CVE-2026-7092

Medium

CWE-266 — Weakness Type

                    Published: Apr 27, 2026                      ·  Modified: Apr 30, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

🤖 AI Executive Summary

CVE-2026-7092 is an improper authorization vulnerability in code-projects Invoice System for Laravel 1.0 affecting the Profile Handler component. Remote attackers can manipulate the ID argument in the /profile/ endpoint to bypass authorization controls.

📄 Description (Arabic)

يؤثر هذا الضعف على نظام الفواتير المستند إلى Laravel 1.0 حيث يمكن للمهاجمين التلاعب بمعامل معرّف المستخدم في مسار /profile/ لتجاوز فحوصات التفويض. قد يؤدي هذا إلى الوصول غير المصرح به إلى بيانات الملفات الشخصية للمستخدمين الآخرين.

🤖 ملخص تنفيذي (AI)

This vulnerability allows unauthorized access to user profiles in Laravel-based invoice systems through ID parameter manipulation. Organizations using this system are at risk of unauthorized data access and potential privilege escalation.

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 08:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government healthcare

🎯 MITRE ATT&CK Techniques

T1548 T1078 T1190

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade code-projects Invoice System to a patched version. Implement strict input validation and authorization checks on all profile endpoints. Apply principle of least privilege and conduct security code review of authorization logic in Profile Handler component.

🔧 خطوات المعالجة (العربية)

قم بترقية نظام الفواتير فوراً إلى نسخة معدلة. طبق التحقق الصارم من المدخلات والتحقق من الصلاحيات على جميع نقاط نهاية الملف الشخصي. طبق مبدأ أقل صلاحية وأجرِ مراجعة أمان شاملة لمنطق التحقق من الصلاحيات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.4.1

🔗 References & Sources 5

🔗

https://code-projects.org/

cna@vuldb.com

🔗

https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e

cna@vuldb.com

🔗

https://vuldb.com/submit/800388

cna@vuldb.com

🔗

https://vuldb.com/vuln/359667

cna@vuldb.com

🔗

https://vuldb.com/vuln/359667/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-266

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-04-27

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-266

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7092

Introduce Yourself

Sign In Required