CVE-2022-34774

Summary

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password).

Affected Software

VendorProductVersion RangeStatus
TabitTabit3.27.0 < 3.27.0*affected

Weaknesses

  • Arbitrary account modification

ADP Enrichment

CVE Program Container

Additional References

References