{"vulnerability": "cve-2024-44314", "sightings": [{"uuid": "812ba695-5fd2-4c3e-b123-628fd1212f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobidrba52s", "content": "", "creation_timestamp": "2025-03-18T18:13:36.122851Z"}, {"uuid": "dffa3e4b-7fa1-4d77-9520-fdc31f6017df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}, {"uuid": "e8f29b88-580e-4fd7-a3e6-7497c0c1cdd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "afc49744-2d4a-4b0e-8ad3-c99db446fab3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-44314", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7907", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-44314\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the Orders Management System, allowing unauthorized users to update order statuses. The issue occurs in the index_onUpdateStatus() function within Orders.php, which fails to verify if the user has permission to modify an order's status. This flaw can be exploited remotely, leading to unauthorized order manipulation.\n\ud83d\udccf Published: 2025-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T14:43:27.351Z\n\ud83d\udd17 References:\n1. https://github.com/tastyigniter/TastyIgniter/blob/3.x/app/admin/controllers/Orders.php\n2. https://medium.com/@cnetsec/cve-2024-44314-incorrect-access-control-in-function-updateorder-fc5f2b1b0467", "creation_timestamp": "2025-03-18T14:49:56.000000Z"}]}