CVE-2024-12094

Information Disclosure Vulnerability in Tinxy

Description

This vulnerability exists in the Tinxy mobile app because it stores logged-in user information in plaintext in the device database. An attacker with physical access to a rooted device could exploit this vulnerability by reading that database, gaining unauthorized access to user information such as username, email address and mobile number. Note: To exploit this vulnerability, the device must be rooted/jailbroken.

Remediation

Solution:

  • Upgrade the Tinxy Android app to version 663000 and the iOS app to version 6.7.0:
    https://play.google.com/store/apps/details?id=com.tinxy
    https://apps.apple.com/in/app/tinxy/id1387370719
    https://play.google.com/store/apps/details

Category

CVSS 4.0 score: 5.4
Severity: Medium
EPSS: 0.02%
Third-Party Advisory org.in
Affected: Mogify Infotech Tinxy Android app
Affected: Mogify Infotech Tinxy iOS app

References

Frequently Asked Questions

What is the severity of CVE-2024-12094?
CVE-2024-12094 has been scored as a medium severity vulnerability.
How to fix CVE-2024-12094?
To fix CVE-2024-12094: upgrade the Tinxy Android app to version 663000 and the iOS app to version 6.7.0. https://play.google.com/store/apps/details?id=com.tinxy https://apps.apple.com/in/app/tinxy/id1387370719 https://play.google.com/store/apps/details
Is CVE-2024-12094 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2024-12094 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-12094?
CVE-2024-12094 affects Mogify Infotech Tinxy Android app, Mogify Infotech Tinxy iOS app.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.