Description
An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java.
References (2)
Core 2
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/981c1cb3-d1e7-4f5c-8a24-155662d33787
Scores
CVSS v3
7.9
EPSS
0.0019
EPSS Percentile
8.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-77
Status
published
Published
Feb 11, 2025
Tracked Since
Feb 18, 2026