CVE-2024-44313

HIGH8.1EPSS 1.2%

TastyIgniter Has an Incorrect Access Control Vulnerability via `invoice()` Function

Published: 3/18/2025Modified: 3/26/2025

Description

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

Affected packages (1)

Packagist/tastyigniter/tastyigniterfrom 0, < 4.0.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-44313
PATCHhttps://github.com/tastyigniter/TastyIgniter
WEBhttps://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php
WEBhttps://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74