CVE-2024-44313
HIGH
TastyIgniter < 4.0.0 - Improper Access Control
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.
Exploits (1)
nomisec
WORKING POC
1 star
by chessredoffsec · poc
https://github.com/chessredoffsec/CVE-2024-44313
Scores
CVSS v3
8.1
EPSS
0.0186
EPSS Percentile
83.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (2)
tastyigniter/tastyigniter
3.7.6
tastyigniter/tastyigniter
0 - 4.0.0 (Packagist)
Published
Mar 18, 2025
Tracked Since
Feb 18, 2026