TastyIgniter Incorrect Access Control Vulnerability in Orders Management System Allowing Unauthorized Status Updates

Vulnerability

An incorrect access control vulnerability has been identified in TastyIgniter version 3.7.6, specifically within the Orders Management System. The issue lies in the 'index_onUpdateStatus()' function of 'Orders.php', where the application does not verify that the requesting user holds the permission required to change an order's status before applying the update. The vulnerability can be exploited remotely, allowing users without the appropriate permission to manipulate order statuses.

Impact

Exploitation of this vulnerability allows for unauthorized modification of order statuses, potentially leading to incorrect order management and processing.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         1.0
impact:         0.6
exploitability: 6.1
remediation:    0.0
relevance:      0.0
threat:         3.2
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.