2025-03-18 00:00:00
mitre
PUBLISHED
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an orders status. This flaw can be exploited remotely, leading to unauthorized order manipulation.