CVE-2024-44314

Name of the Vulnerable Software and Affected Versions TastyIgniter version 3.7.6

Description The issue is related to an Incorrect Access Control flaw in the Orders Management System, allowing unauthorized users to update order statuses. This occurs due to a failure in verifying user permissions within the index onUpdateStatus() function in Orders.php, making it possible for exploitation to happen remotely and leading to unauthorized order manipulation.

Recommendations For TastyIgniter version 3.7.6, consider restricting access to the index onUpdateStatus() function in Orders.php until a patch is available to prevent unauthorized order status updates. Additionally, review and implement proper access control measures to ensure only authorized users can modify order statuses.