CVE-2024-44313

EUVD-2024-54210
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA-ADPADP
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
tastyignitertastyigniter
3.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php
https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74