Code-Projects Invoice System in Laravel 跨站请求伪造漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a cross-site request forgeing vulnerability. This vulnerability was caused by an unknown function that allowed cross-site reque...

PT-2026-35361

A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to b...

PT-2026-35359

A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may...

PT-2026-35360

A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been...

PT-2026-35389

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...

PT-2026-35380

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made availabl...

PT-2026-35381

A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

PT-2026-35388

A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and...

Code-Projects Invoice System in Laravel 跨站脚本漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a cross-site scripting vulnerability. This vulnerability was caused by unknown functions in the /item file that manipulated the...

Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

Cisco Talos identified a spam campaign targeting Brazilian users with commercial remote monitoring and management RMM tools since at least January 2025. Talos observed the use of PDQ Connect and N-able remote access tools in this campaign. The spam message uses the Brazilian electronic invoice...

CVE-2023-5443

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1...

Infodrom Software E-Invoice Approval System SQL注入漏洞

Infodrom Software E-Invoice Approval System is an electronic invoice approval system from Infodrom Software, Turkey. A SQL injection vulnerability exists in Infodrom Software E-Invoice Approval System versions prior to v.20230701, which stems from vulnerability to SQL injection attacks...

Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting (XSS)

Exploit Title: Invoice System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 12 July 2021 Exploit Author: Subhadip Nag mrl0s3r Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14858/invoice-system-using-phpoop-free-source-code.html Tested...

50m-ctf: Several vulnerabilities lead to Remote Code Execution and Arbitraty File Read on multiple servers

Summary: - Tweeted image contained URL https://bit.do/h1therm to download an APK - APK API 35.243.186.41 is vulnerable to SQL Injection on username parameter and leaked location of server 104.196.12.98 through the devices table - Login form on 104.196.12.98 is vulnerable to timing attack on hash...

Online Invoice System 3.0 SQL Injection

Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo: http://www.onlineinvoicesystem.com/onlineinvoicesystem3/index.php Version: 3.0 Category:...

Online Invoice System 3.0 - SQL Injection

Online Invoice System 3.0 - SQL Injection Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo:...

Online Invoice System 3.0 - SQL Injection

Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo: http://www.onlineinvoicesystem.com/onlineinvoicesystem3/index.php Version: 3.0 Category:...

Online Invoice System 3.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo:...