
6 matches found

NVD
added 2022/08/22 3:15 p.m., 13 views

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

CVSS 6.3, EPSS 0.00232
Exploits: 0, References: 1
CVE
added 2022/08/22 2:41 p.m., 67 views

CVE-2022-34774

The CVE-2022-34774 entry concerns Tabit software where an endpoint mapped by a tiny URL allows modification of a user’s personal details (e.g., email, phone) in a restaurant loyalty program. The underlying issue enables potential account takeover, since altering the email could enable password re...

CVSS 6.3, AI score 5.4, EPSS 0.00232
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2022/08/22 2:41 p.m., 21 views

CVE-2022-34774 Tabit - Arbitrary account modification

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

CVSS 6.3, AI score 6.5, EPSS 0.00232
Exploits: 0, References: 1
Positive Technologies
added 2022/08/22 12:00 a.m., 4 views

PT-2022-22325 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit, affected versions not specified

Description: The issue allows for arbitrary account modification. An endpoint mapped by a tiny URL permits an adversary to modify personal details, such as email addresses and phone numbers, of a specific...

CVSS 6.3, AI score 5.2, EPSS 0.00232
Exploits: 0, References: 4
ATTACKERKB
added 2022/08/17 11:14 a.m., 1 view

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

CVSS 6.3, AI score 5.9, EPSS 0.00232
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2009/05/22 6:00 p.m., 12 views

CVE-2009-1767

admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the (1) loginname, (2) password, (3) email, (4) firstname, or (5) lastname parameter...

AI score 6.8, EPSS 0.03673
Exploits: 1, References: 4