Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TastyIgniter 安全漏洞
Vulnerability Description
TastyIgniter是TastyIgniter开源的一个在线订购软件。 TastyIgniter 3.7.6版本存在安全漏洞,该漏洞源于Orders Management System中的index_onUpdateStatus函数访问控制不当,可能导致未经授权的用户更新订单状态。
CVSS Information
N/A
Vulnerability Type
N/A