Vulnerabilities ›

CVE-2026-7107

Medium

CWE-284 — Weakness Type

                    Published: Apr 27, 2026                      ·  Modified: Apr 30, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

🤖 AI Executive Summary

CVE-2026-7107 is an unrestricted file upload vulnerability in code-projects Invoice System for Laravel 1.0 affecting the /company endpoint's logo parameter. This allows remote attackers to upload arbitrary files, potentially leading to code execution and system compromise.

📄 Description (Arabic)

يوجد ضعف في نظام الفواتير code-projects Invoice System الإصدار 1.0 في نقطة نهاية /company حيث لا يتم التحقق من صحة معامل شعار الشركة. يمكن للمهاجمين البعيدين استغلال هذا الضعف لتحميل ملفات خطيرة مثل البرامج النصية الضارة.

🤖 ملخص تنفيذي (AI)

A file upload vulnerability exists in code-projects Invoice System Laravel 1.0 where the logo parameter in /company lacks proper validation. Remote attackers can exploit this to upload malicious files and compromise affected systems.

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 08:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1434 T1566

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Update code-projects Invoice System to the latest patched version immediately. Implement strict file upload validation including file type whitelist, size limits, and store uploads outside web root. Disable script execution in upload directories via web server configuration. Validate file content headers, not just extensions.

🔧 خطوات المعالجة (العربية)

قم بتحديث نظام الفواتير إلى أحدث إصدار معدل فوراً. طبق التحقق الصارم من تحميل الملفات بما في ذلك قائمة بيضاء لأنواع الملفات وحدود الحجم. عطل تنفيذ البرامج النصية في مجلدات التحميل عبر إعدادات خادم الويب. تحقق من رؤوس محتوى الملفات وليس الامتدادات فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2

🔵 SAMA CSF

CC-6.1 CC-6.2

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5

🔗 References & Sources 5

🔗

https://code-projects.org/

cna@vuldb.com

🔗

https://gist.github.com/higordiego/ea5944bd29cffee1162491d60ed5785a

cna@vuldb.com

🔗

https://vuldb.com/submit/800690

cna@vuldb.com

🔗

https://vuldb.com/vuln/359708

cna@vuldb.com

🔗

https://vuldb.com/vuln/359708/cti

cna@vuldb.com

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-284

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-04-27

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-284

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-7107

Introduce Yourself

Sign In Required