{"vulnerability": "cve-2024-4431", "sightings": [{"uuid": "97a4a2b5-42a5-4502-bdee-060f2a10ae51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44313", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobicnrvt26", "content": "", "creation_timestamp": "2025-03-18T18:13:30.606112Z"}, {"uuid": "812ba695-5fd2-4c3e-b123-628fd1212f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobidrba52s", "content": "", "creation_timestamp": "2025-03-18T18:13:36.122851Z"}, {"uuid": "e8f29b88-580e-4fd7-a3e6-7497c0c1cdd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "afc49744-2d4a-4b0e-8ad3-c99db446fab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7907", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44314\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.\n\ud83d\udccf Published: 2025-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T14:43:27.351Z\n\ud83d\udd17 References:\n1. https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php\n2. https://medium.com/@cnetsec/cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467", "creation_timestamp": "2025-03-18T14:49:56.000000Z"}, {"uuid": "dffa3e4b-7fa1-4d77-9520-fdc31f6017df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}, {"uuid": "b699d170-1678-451f-9d7c-57ad77507c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44313", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8720", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44313\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice() function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks.\n\ud83d\udccf Published: 2025-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-25T18:16:50.241Z\n\ud83d\udd17 References:\n1. https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php\n2. https://medium.com/@cnetsec/cve-2024-44313-incorrect-access-control-in-tastyigniter-3-7-6-01a73c548b74", "creation_timestamp": "2025-03-25T18:25:06.000000Z"}, {"uuid": "f7f04d26-8daa-4e67-9962-5c62f024d589", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44313", "type": "published-proof-of-concept", "source": "Telegram/YBrr9bnrMsHvjVMlNhE_R_T9Bu1Hec2ynwQC5xZi-avV8gw", "content": "", "creation_timestamp": "2025-03-20T04:00:07.000000Z"}, {"uuid": "941b7b22-b589-4316-bc85-30977fba9bf6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44313", "type": "published-proof-of-concept", "source": "Telegram/p7hLiccLONdwM2MX7hUwrX2iUDsZPVrkGyNQ09EnNeNIo2E", "content": "", "creation_timestamp": "2025-03-20T12:00:09.000000Z"}]}