漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Tabit - arbitrary SMS send on Tabits behalf
Vulnerability Description
Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
GTAB Software Tabit 安全漏洞
Vulnerability Description
GTAB Software Tabit是GTAB Software公司的一个用于创建、演奏和打印吉他、贝司或班卓琴指法谱的全功能程序。 GTAB Software Tabit 存在安全漏洞,该漏洞源于其重发OTP API允许攻击者制作恶意消息以tabit的名义向系统上注册的任何人发送消息。此外,该API可能具有某种模板注入可能。当在自定义消息字段中输入{{OTP}}时,它被格式化为OTP。
CVSS Information
N/A
Vulnerability Type
N/A