CVE-2024-44313

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-44313

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44313.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-44313

Aliases

GHSA-gg2f-r4jh-vpmh

Published

2025-03-18T00:00:00Z

Modified

2026-05-01T04:25:53.339448Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44313.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/tastyigniter/tastyigniter

Affected ranges

Type

GIT

Repo

https://github.com/tastyigniter/tastyigniter

Events

Introduced

Last affected

7dfd6de8fc1871edda846445a0c4cef3eb120bc7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.7.6"
        }
    ]
}

Affected versions

2.*

2.0.0

2.1.0

2.1.1

v1.*

v1.0-beta

v1.1-beta

v1.2-beta

v1.2.1-beta

v1.3-beta

v1.4.0-beta

v1.4.1-beta

v1.4.1.0-beta

v1.4.2-beta

v3.*

v3.0.4

v3.0.4-beta

v3.0.4-beta.10

v3.0.4-beta.11

v3.0.4-beta.12

v3.0.4-beta.13

v3.0.4-beta.14

v3.0.4-beta.15

v3.0.4-beta.16

v3.0.4-beta.17

v3.0.4-beta.18

v3.0.4-beta.19

v3.0.4-beta.2

v3.0.4-beta.20

v3.0.4-beta.20.1

v3.0.4-beta.21

v3.0.4-beta.22

v3.0.4-beta.22.1

v3.0.4-beta.22.2

v3.0.4-beta.22.3

v3.0.4-beta.22.4

v3.0.4-beta.23

v3.0.4-beta.23.1

v3.0.4-beta.23.2

v3.0.4-beta.24

v3.0.4-beta.24.1

v3.0.4-beta.24.2

v3.0.4-beta.24.3

v3.0.4-beta.24.4

v3.0.4-beta.25

v3.0.4-beta.25.2

v3.0.4-beta.26

v3.0.4-beta.27

v3.0.4-beta.28

v3.0.4-beta.3

v3.0.4-beta.4

v3.0.4-beta.5

v3.0.4-beta.6

v3.0.4-beta.7

v3.0.4-beta.8

v3.0.4-beta.9

v3.0.4-beta.9.1

v3.0.5

v3.0.6

v3.0.7

v3.1.0

v3.1.0-rc.1

v3.1.1

v3.1.2

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.3.2

v3.4.0

v3.4.1

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.6.0

v3.6.3

v3.6.4

v3.6.6

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.5

v3.7.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44313.json"