TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44314.json",
"cna_assigner": "mitre"
}