Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MX Media&Entertainment MX Player Android App 路径遍历漏洞
Vulnerability Description
MX Media&Entertainment MX Player Android App是印度MX Media&Entertainment公司的一款基于Android平台的视频流和视频点播应用程序。 MX Media&Entertainment MX Player Android App v1.24.5之前版本中存在路径遍历漏洞。攻击者可通过在MX Player应用程序‘oat’目录中写入‘.odex’和‘.vdex’文件利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A