Code injection

2020-12-3020:15:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON

The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER).

CPENameOperatorVersion
amaze_file_managerlt3.4.2

CPE	Name	Operator	Version
	amaze_file_manager	lt	3.4.2

References

github.com/TeamAmaze/AmazeFileManager/compare/v3.4.1...v3.4.2

github.com/TeamAmaze/AmazeFileManager/pull/1815

play.google.com/store/apps/details?id=com.amaze.filemanager&hl=en_US&gl=US