Smartbit CommV Smartschool App Path Traversal Vulnerability in SplashActivity Component
Vulnerability
A path traversal vulnerability has been identified in the Smartbit CommV Smartschool App, specifically in versions prior to 10.4.4. The issue arises from inadequate security validation in the file import process, allowing malicious apps to manipulate filenames and contents to overwrite critical internal files. This vulnerability could lead to unauthorized code execution, denial of service, and other significant security issues. Exploitation requires local access, and a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows for arbitrary file overwriting, which could disrupt the application's functionality or lead to unauthorized code execution.
Reproduction
The vulnerability can be reproduced by sending an intent to the Smartschool app's SplashActivity component. The intent must include a file stream that exploits the path traversal flaw by targeting a sensitive file in the app's internal storage, such as a shared preferences file. This can be done using a malicious content provider that delivers the crafted file stream.
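One way to validate a provider-supplied file name before writing an imported stream, shown in plain Java as an added example; it is not Smartschool's code or the vendor's fix. The class name `SafeImport`, the `imports` and `shared_prefs` directory layout, and the sample names are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

// Added example: hypothetical helper, not code from the Smartschool app.
public final class SafeImport {

    // Map an untrusted, provider-supplied name to a file directly inside importDir, or throw.
    static File resolveInside(File importDir, String untrustedName) throws IOException {
        if (untrustedName == null || untrustedName.isEmpty()
                || untrustedName.equals(".") || untrustedName.equals("..")
                || untrustedName.indexOf('/') >= 0 || untrustedName.indexOf('\\') >= 0
                || untrustedName.indexOf('\0') >= 0) {
            throw new IOException("rejected file name");
        }
        File base = importDir.getCanonicalFile();
        File target = new File(base, untrustedName).getCanonicalFile();
        // Defense in depth: after resolving symlinks the parent must be the import directory itself.
        if (!base.equals(target.getParentFile())) {
            throw new IOException("path escapes import directory");
        }
        return target;
    }

    static File importStream(File importDir, String untrustedName, InputStream in) throws IOException {
        File target = resolveInside(importDir, untrustedName);
        Files.copy(in, target.toPath(), StandardCopyOption.REPLACE_EXISTING);
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("appdata"); // stand-in for the app's internal storage
        File imports = Files.createDirectory(root.resolve("imports")).toFile();
        Files.createDirectory(root.resolve("shared_prefs"));
        // Constructed names, as an untrusted content provider might report them.
        String[] names = {"report.pdf", "../shared_prefs/settings.xml", "..", "sub/..\\x.xml"};
        for (String n : names) {
            try {
                File f = importStream(imports, n, new ByteArrayInputStream(new byte[] {1, 2, 3}));
                System.out.println("stored  : " + n + " -> " + f);
            } catch (IOException e) {
                System.out.println("rejected: " + n + " (" + e.getMessage() + ")");
            }
        }
    }
}
```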
