
5 matches found

Hacker One
added 2025/01/17 1:58 a.m., 1166 views

Yelp: Unauthorized Reservation Cancellation Through IDOR Vulnerability

Vulnerability description not provided...

7.1 AI score
Exploits: 0

NVD
added 2022/08/22 3:15 p.m., 21 views

CVE-2022-34775

Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...

7.5 CVSS, 0.00398 EPSS
Exploits: 0, References: 1

Prion
added 2022/08/22 3:15 p.m., 30 views

Authentication flaw

Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...

5 CVSS, 7.4 AI score, 0.00398 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/08/22 2:42 p.m., 28 views

CVE-2022-34775 Tabit - Excessive data exposure

Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...

6.3 CVSS, 7.6 AI score, 0.00398 EPSS
Exploits: 0, References: 1

CVE
added 2022/08/22 2:42 p.m., 343 views

CVE-2022-34775

Tabit vulnerability (CVE-2022-34775) involves excessive data exposure via an API endpoint used for reservation cancellation. The endpoint query http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} can return sensitive reservation data (name, email, phone, visit history, ...

7.5 CVSS, 6.7 AI score, 0.00398 EPSS
Exploits: 0, References: 1, Affected Software: 1