CVE-2024-12094
Published: Dec 5, 2024
Modified: Apr 15, 2025
Description
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. Note: To exploit this vulnerability, the device must be rooted/jailbroken.
| Vendor | Product | Versions |
|---|---|---|
Mogify Infotech | Tinxy Android app | affected <663000 |
Mogify Infotech | Tinxy iOS app | affected <6.7.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now