CVE-2024-44314

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-44314
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44314.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-44314
Aliases
Published
2025-03-18T15:15:53Z
Modified
2025-04-03T01:59:19.676332Z
Summary
[none]
Details

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System that allows unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify whether the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.

References

Affected packages

Git / github.com/tastyigniter/tastyigniter

Affected ranges

Type
GIT
Repo
https://github.com/tastyigniter/tastyigniter
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*

2.0.0
2.1.0
2.1.0-rc.1
2.1.0-rc.2
2.1.1

v1.*

v1.0-beta
v1.1-beta
v1.2-beta
v1.2.1-beta
v1.3-beta
v1.4.0-beta
v1.4.1-beta
v1.4.1.0-beta
v1.4.2-beta

v3.*

v3.0.4
v3.0.4-beta
v3.0.4-beta.10
v3.0.4-beta.11
v3.0.4-beta.12
v3.0.4-beta.13
v3.0.4-beta.14
v3.0.4-beta.15
v3.0.4-beta.16
v3.0.4-beta.17
v3.0.4-beta.18
v3.0.4-beta.19
v3.0.4-beta.2
v3.0.4-beta.20
v3.0.4-beta.20.1
v3.0.4-beta.21
v3.0.4-beta.22
v3.0.4-beta.22.1
v3.0.4-beta.22.2
v3.0.4-beta.22.3
v3.0.4-beta.22.4
v3.0.4-beta.23
v3.0.4-beta.23.1
v3.0.4-beta.23.2
v3.0.4-beta.24
v3.0.4-beta.24.1
v3.0.4-beta.24.2
v3.0.4-beta.24.3
v3.0.4-beta.24.4
v3.0.4-beta.25
v3.0.4-beta.25.1
v3.0.4-beta.25.2
v3.0.4-beta.26
v3.0.4-beta.27
v3.0.4-beta.28
v3.0.4-beta.3
v3.0.4-beta.4
v3.0.4-beta.5
v3.0.4-beta.6
v3.0.4-beta.7
v3.0.4-beta.8
v3.0.4-beta.9
v3.0.4-beta.9.1
v3.0.5
v3.0.6
v3.0.7
v3.1.0
v3.1.0-rc.1
v3.1.1
v3.1.2
v3.2.0
v3.2.1
v3.2.2
v3.3.0
v3.3.1
v3.3.2
v3.4.0
v3.4.1
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.6.0
v3.6.1
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8
v3.6.9
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6