Description
A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Published: 2026-04-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑site request forgery (CSRF)
Action: Patch Now
AI Analysis

Impact

The vulnerability is a cross‑site request forgery flaw in the code‑projects Invoice System in Laravel 1.0. By manipulating an unknown function, an attacker can cause authenticated users to perform undesired actions without their consent. The flaw is classified as CSRF (CWE‑352) combined with missing authorization (CWE‑862) and can be exploited remotely.

Affected Systems

code‑projects’ Invoice System in Laravel, version 1.0. No other affected versions are documented in the CVE record.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. As the description states, the attack can be carried out remotely. Because no official patch or workaround exists, protection currently depends on whatever CSRF prevention mechanisms are already in place.

Generated by OpenCVE AI on April 28, 2026 at 04:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest release of the code‑projects Invoice System in Laravel once an official patch is available.
  • Ensure that framework‑provided CSRF tokens are enabled and validated on all state‑changing requests.
  • Add a same‑origin check on the Origin or Referer header to state‑changing endpoints to mitigate blind CSRF.
  • If no patch is available, remove or isolate the vulnerable function that can be invoked without proper validation.


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 01:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Code-projects, Code-projects invoice System In Laravel |
| Vendors & Products | | Code-projects, Code-projects invoice System In Laravel |

Mon, 27 Apr 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 27 Apr 2026 09:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. |
| Title | | code-projects Invoice System in Laravel cross-site request forgery |
| Weaknesses | | CWE-352, CWE-862 |
| References | | |
| Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-27T12:05:28.342Z

Reserved: 2026-04-26T14:45:00.700Z

Link: CVE-2026-7108

Vulnrichment

Updated: 2026-04-27T12:05:24.005Z

NVD

Status: Deferred

Published: 2026-04-27T09:16:03.500

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7108

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:45:22Z
