ГлавнаяУязвимости → CVE-2024-44313
8.1высокая

CVE-2024-44313

Описание

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

Затрагиваемое ПО
Tastyigniter Tastyigniter
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Источники
https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.phphttps://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74