An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service.
References
Link | Resource |
---|---|
https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946 | Product Third Party Advisory |
https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-28T04:36:52
Updated: 2020-01-28T04:36:52
Reserved: 2020-01-26T00:00:00
Link: CVE-2020-7998
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-28T05:15:11.523
Modified: 2020-02-04T15:25:00.940
Link: CVE-2020-7998
JSON object: View
Redhat Information
No data.
CWE