Detections
Analytics

CVE-2024-44313

high

Description

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

References

https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74

https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php

Details

Source: Mitre, NVD

Published: 2025-03-18

Updated: 2025-03-25

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High