Количество 2
Количество 2
CVE-2024-44314
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.
GHSA-w5h7-mw56-4v7x
TastyIgniter Has an Incorrect Access Control Vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-44314 TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation. | CVSS3: 6.5 | 0% Низкий | 11 месяцев назад |
| GHSA-w5h7-mw56-4v7x TastyIgniter Has an Incorrect Access Control Vulnerability | CVSS3: 6.5 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу