4 matches found
CVE-2024-44313
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks...
CVE-2024-44314
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the indexonUpdateStatus function within Orders.php, which fails to verify if the user has permission to modify an order'...
CVE-2024-44313
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks...
CVE-2024-44314
TastyIgniter 3.7.6 contains an Incorrect Access Control in the Orders Management System. The vulnerability resides in Orders.php: index_onUpdateStatus(), which fails to verify a user’s permission before updating an order’s status. This allows unauthorized users to remotely modify orders (I:H, P:L...