CVE-2022-34774

Name of the Vulnerable Software and Affected Versions Tabit (affected versions not specified)

Description The issue allows for arbitrary account modification. An endpoint mapped by a tiny URL permits an adversary to modify personal details, such as email addresses and phone numbers, of a specific user in a restaurant's loyalty program. This could possibly allow account takeover, as the modified email address can be used to reset the password.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.