Better Fitness Limited Galleryit App Path Traversal Vulnerability

Vulnerability

A path traversal vulnerability has been identified in the Galleryit - Photo Vault, Album app by Better Fitness Limited, specifically in version 1.3.8.2 on Android. The issue arises from inadequate security validation during the file import process, which allows malicious applications to manipulate file names and contents. Exploiting it can overwrite critical internal files within the app's storage, potentially leading to arbitrary code execution, unauthorized access to sensitive information, denial of service, and other serious security consequences.

Impact

Exploitation of this vulnerability allows for path traversal, enabling the overwriting of arbitrary files in the app's internal storage. This could disrupt the application's functionality, cause it to crash, or facilitate the execution of unauthorized code.

Reproduction

The vulnerability can be reproduced by sending an intent to the GalleryWelcomeActivity1 component of the Galleryit app. The intent must include a URI that traverses the file path to reach a target file within the app's shared preferences. This can be done using a malicious content provider that supplies the crafted URI, effectively overwriting the specified file with arbitrary data.
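The check missing from an import path like the one described above can be shown in plain Java. This is an added example, not code from the Galleryit app or its vendor; the class and method names (`SafeImport`, `resolveImportTarget`) and the sample file names are hypothetical and constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

// Added example: SafeImport and resolveImportTarget are hypothetical names,
// not taken from the Galleryit code base.
public class SafeImport {

    /**
     * Maps a file name supplied by another app's content provider to a
     * destination inside importDir, or throws if the result would escape it.
     */
    static File resolveImportTarget(File importDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()) {
            throw new IOException("missing file name");
        }
        // The sending app controls this string: keep only the last path component.
        String base = new File(untrustedName.replace('\\', '/')).getName();
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            throw new IOException("rejected file name: " + untrustedName);
        }
        File root = importDir.getCanonicalFile();
        // Canonicalising resolves any remaining ".." segments and symlinks.
        File target = new File(root, base).getCanonicalFile();
        // Defence in depth: the resolved target must still sit under the import directory.
        if (!target.toPath().startsWith(root.toPath())) {
            throw new IOException("path escapes import directory: " + untrustedName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input; the directory stands in for the app's import folder.
        File importDir = new File(System.getProperty("java.io.tmpdir"), "vault_import");
        importDir.mkdirs();
        String[] names = {
            "holiday.jpg",
            "../shared_prefs/example.xml",
            "..",
            "a/b/../../../shared_prefs/example.xml"
        };
        for (String name : names) {
            try {
                System.out.println(name + " -> " + resolveImportTarget(importDir, name));
            } catch (IOException e) {
                System.out.println(name + " -> REJECTED (" + e.getMessage() + ")");
            }
        }
    }
}
```

On Android the untrusted name would typically come from the sending provider's `OpenableColumns.DISPLAY_NAME` column or from the last segment of the incoming URI, and both need the same treatment before any file is written.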

Added: Dec 15, 2025, 3:18 AM
Updated: Dec 15, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.8
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.