← Back

CVE-2024-44313

nvd nist
Published: Mar 18, 2025Modified: Apr 2, 2025

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

Affected (1)

Tastyigniter
1 product
Tastyigniter
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Tastyigniter
Version 3.7.6

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: cve@mitre.org
Product
Source: cve@mitre.org
Exploit

Timeline

No history available yet.