CVE-2024-44313

HIGH

TastyIgniter < 4.0.0 - Unauthenticated Incorrect Access Control in Orders Invoice Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-44313. PoCs published by chessredoffsec.

AI-analyzed exploit summary: The repository contains a functional exploit for CVE-2024-44313, an authentication bypass vulnerability in TastyIgniter 3.7.6. The exploit demonstrates unauthorized access to order invoices by sending an unauthenticated HTTP request to a vulnerable endpoint.

Description

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

Exploits (1)

Source: nomisec · Working PoC · 1 star
by chessredoffsec · poc
https://github.com/chessredoffsec/CVE-2024-44313

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: TastyIgniter 3.7.6
Authentication: none needed
Prerequisites: Target URL of vulnerable TastyIgniter instance
Analyzed by devstral-2 on Feb 19, 2026

Scores

CVSS v3: 8.1
EPSS: 0.0124
EPSS Percentile: 79.7%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Note that the vector string records PR:L (low privileges required), whereas the title, the description and the exploit analysis above describe the invoice endpoint as reachable without authentication.

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-284 (Improper Access Control)
Status: published
Products (2):
tastyigniter/tastyigniter 3.7.6
tastyigniter/tastyigniter 0 - 4.0.0 (Packagist)
Published: Mar 18, 2025
Tracked Since: Feb 18, 2026