Home > Vulnerability Database > CVE-2024-44314

Mend.io Vulnerability Database

CVE-2024-44314

Date: March 17, 2025

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.

Severity Score

6.5

Related Resources (5)

Url: https://medium.com/@cnetsec/cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467

Url: https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php

Url: https://github.com/tastyigniter/TastyIgniter

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-44314

Url: https://www.mend.io/vulnerability-database/CVE-2024-44314

Severity Score

6.5

Weakness Type (CWE)

Improper Authorization

CWE-285

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-44314

Date: March 17, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?