Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tabit - arbitrary SMS send on Tabits behalf
Vulnerability Description
Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
GTAB Software Tabit 安全漏洞
Vulnerability Description
GTAB Software Tabit是GTAB Software公司的一个用于创建、演奏和打印吉他、贝司或班卓琴指法谱的全功能程序。 GTAB Software Tabit 存在安全漏洞,该漏洞源于其重发OTP API允许攻击者制作恶意消息以tabit的名义向系统上注册的任何人发送消息。此外,该API可能具有某种模板注入可能。当在自定义消息字段中输入{{OTP}}时,它被格式化为OTP。
CVSS Information
N/A
Vulnerability Type
N/A