SQLInjection in FileContentProvider.kt - ownCloud

Due to some insecure code in a exported content provider an attacker with local access could retrieve information from the ownCloud app database through SQL injection...

ownCloud: GitHub Security Lab (GHSL) Vulnerability Report: SQLInjection in FileContentProvider.kt (GHSL-2022-059)

Vulnerability description not provided...

CVE-2021-43863 SQL Injection in FileContentProvider (GHSL-2021-1007)

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues an SQL...

Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)

Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries...

Nextcloud: SQLi allow query restriction bypass on exposed FileContentProvider

FileContentProvider is an exposed provider As per its definition on https://github.com/nextcloud/android/blob/master/src/main/java/com/owncloud/android/providers/FileContentProvider.java, limited set of data shall be exposed as per @l444 switch mUriMatcher.matchuri case ROOTDIRECTORY: case...

Nextcloud: Improper protection of FileContentProvider

Some data in the FileContentProvider is protected against applications not related to NextCloud. The application checks if calling application package name contains "com.nextcloud.client" string. Every application with such substring in package name is allowed to fully access FileContentProvider...