CVE-2024-44313

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

CVSS

No CVSS.

References

Link	Resource
https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php	Product
https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:tastyigniter:tastyigniter:3.7.6:*:*:*:*:*:*:*

History

02 Apr 2025, 12:30

Type	Values Removed	Values Added
CPE		cpe:2.3:a:tastyigniter:tastyigniter:3.7.6:::::::*
First Time		Tastyigniter Tastyigniter tastyigniter
References	~~() https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74 -~~	() https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74 - Exploit
References	~~() https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php -~~	() https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php - Product

18 Mar 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-18 15:15

Updated : 2025-04-02 12:30

NVD link : CVE-2024-44313

Mitre link : CVE-2024-44313

JSON object : View

Products Affected

tastyigniter

tastyigniter

CWE

No CWE.

JSON object

Attach tags to CVE-2024-44313

Attach tags to `CVE-2024-44313`