Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Flutter Downloader SQL注入漏洞
Vulnerability Description
Flutter Downloader是用于创建和管理下载任务的插件。 Flutter Downloader 1.11.1(iOS)版本存在安全漏洞,该漏洞源于如果应用程序使用 UIFileSharingEnabled 和 LSSupportsOpeningDocumentsInPlace 属性,则框架的内部数据库将向本地用户公开,远程攻击者利用该漏洞可以窃取会话令牌并覆盖应用程序容器内的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A