CVE-2024-44313: TastyIgniter Has an Incorrect Access Control Vulnerability via `invoice()` Function

March 18, 2025 (updated March 26, 2025)

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.

References

github.com/advisories/GHSA-gg2f-r4jh-vpmh
github.com/tastyigniter/TastyIgniter
github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php
medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74
nvd.nist.gov/vuln/detail/CVE-2024-44313

Code Behaviors & Features

Detect and mitigate CVE-2024-44313 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →