vocabletrainer 路径遍历漏洞

vocabletrainer is a Vocable trainer for Android 4+ phones with text field input and multiple choice tests by hgzojer individual developer. A path traversal vulnerability exists in versions of vocabletrainer prior to 1.3.1, which stems from a problem with the file...

CVE-2017-20181 hgzojer Vocable Trainer VocableTrainerProvider.java path traversal

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to...