TastyIgniter Incorrect Access Control Vulnerability in Invoice Generation

Vulnerability

An incorrect access control vulnerability has been identified in TastyIgniter version 3.7.6. The issue resides in the invoice() function within Orders.php, where missing permission checks allow unauthorized users to access and generate invoices.
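
The pattern described above, as an added example that is not TastyIgniter's code: a simplified PHP 8 model contrasting an action that omits the permission check with one that enforces it inside the action. The class names, method names, sample order and the permission string orders.invoice are all hypothetical.

```php
<?php
// Added illustration: a simplified model, NOT TastyIgniter source code.
// Every class, method and permission name below is hypothetical.

final class User {
    public function __construct(private array $permissions) {}

    public function can(string $permission): bool {
        return in_array($permission, $this->permissions, true);
    }
}

final class ForbiddenException extends RuntimeException {}

final class OrdersController {
    // Constructed sample data standing in for the orders table.
    private array $orders = [101 => ['customer' => 'A. Example', 'total' => '42.00']];

    public function __construct(private User $user) {}

    // Vulnerable shape: the action assumes that reaching it implies authorization.
    public function invoiceUnchecked(int $orderId): string {
        return $this->render($orderId);
    }

    // Hardened shape: the permission is checked in the action, before any lookup.
    public function invoice(int $orderId): string {
        if (!$this->user->can('orders.invoice')) { // hypothetical permission name
            throw new ForbiddenException('Missing permission: orders.invoice');
        }
        return $this->render($orderId);
    }

    private function render(int $orderId): string {
        $o = $this->orders[$orderId] ?? throw new OutOfBoundsException('No such order');
        return "Invoice #{$orderId} for {$o['customer']}: {$o['total']}";
    }
}

// An authenticated user who holds no order permissions.
$controller = new OrdersController(new User([]));
echo $controller->invoiceUnchecked(101), PHP_EOL; // renders: nothing checked the user
try {
    echo $controller->invoice(101), PHP_EOL;
} catch (ForbiddenException $e) {
    echo 'Denied: ', $e->getMessage(), PHP_EOL;   // hardened action refuses
}
```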

Impact

Exploitation of this vulnerability allows unauthorized users to access and generate invoices, potentially leading to unauthorized financial transactions or manipulation of order records.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 8.9
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.