Description
A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.
References (2)
Core 2
Core References
Release Notes
https://pub.dev/packages/flutter_downloader/changelog
Exploit, Third Party Advisory
https://seredynski.com/articles/exploiting-ios-apps-to-extract-session-tokens-and-overwrite-user-data
Scores
CVSS v3
9.1
EPSS
0.0065
EPSS Percentile
46.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
patreon/flutter_downloader
< 1.11.2
Published
Sep 19, 2023
Tracked Since
Feb 18, 2026