Movatwitouch
CVE-2013-2318
LOW
Severity by source
AV:N/AC:H/Au:N/C:P/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:H/Au:N/C:P/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application.
AnalysisAI
The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application. Affected products include: Jig Movatwitouch, Jig Movatwitouch Paid. Version information: before 1.793.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today