CVE-2026-7107

CVE Database · CVE-2026-7107

CVE-2026-7107

· MEDIUMDeferred

CVSS v3.1

6.3

CVSS v4.0

2.1

EPSS

0.20%

Published

Apr 27, 2026

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-284CWE-434

References (5)

https://code-projects.org/

https://gist.github.com/higordiego/ea5944bd29cffee1162491d60ed5785a

https://vuldb.com/submit/800690

https://vuldb.com/vuln/359708

https://vuldb.com/vuln/359708/cti

KEV Catalog EPSS Scores Vendors All CVEs