PEAKSEL D.O.O. NIS Animal Sounds and Ringtones Arbitrary File Overwrite Vulnerability
Vulnerability
A vulnerability allowing arbitrary file overwriting has been identified in the PEAKSEL D.O.O. NIS Animal Sounds and Ringtones app, version 1.3.0. This vulnerability arises from inadequate security validation during the file import process, enabling attackers to overwrite critical internal files. The exploitation of this vulnerability could lead to arbitrary code execution, exposure of sensitive information, denial of service, and other severe security consequences.
Impact
Exploitation of this vulnerability could result in overwriting essential files within the app, potentially allowing for arbitrary code execution, disruption of the app's functionality, or unauthorized access to sensitive information.
Reproduction
The vulnerability can be reproduced by importing files through the app's file import process. A malicious app can be crafted to control the filename and content, using path traversal techniques to overwrite sensitive files in the internal storage of the Animal Sounds and Ringtones app. Once the victim opens the malicious app, the overwriting of files occurs automatically, without the need for complex user interaction.
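The validation the import step lacks can be sketched as follows. This is an added example, not code from the app or from this advisory; it uses only plain `java.io`, and the class name, directory layout and sample file names are constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

// Added example: names and paths below are constructed, not taken from the app.
public class SafeImport {

    // Weak pattern: trusts the sender-supplied name, so "../" segments escape importDir.
    static File resolveNaive(File importDir, String suppliedName) {
        return new File(importDir, suppliedName);
    }

    // Hardened pattern: keep only the last path segment, then verify containment
    // on the canonical path before any bytes are written.
    static File resolveSafe(File importDir, String suppliedName) throws IOException {
        if (suppliedName == null) {
            throw new IOException("missing file name");
        }
        // Drop any directory part, whichever separator the sender used.
        String base = suppliedName.substring(
                Math.max(suppliedName.lastIndexOf('/'), suppliedName.lastIndexOf('\\')) + 1);
        if (base.isEmpty() || base.equals(".") || base.equals("..")) {
            throw new IOException("rejected file name: " + suppliedName);
        }
        File target = new File(importDir, base).getCanonicalFile();
        String root = importDir.getCanonicalPath() + File.separator;
        // Canonicalisation resolves ".." and symlinks; the target must stay under root.
        if (!target.getPath().startsWith(root)) {
            throw new IOException("path escapes import directory: " + suppliedName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for an app's internal storage layout.
        File importDir = new File(System.getProperty("java.io.tmpdir"), "app/files/imports");
        importDir.mkdirs();
        String[] names = { "lion.mp3", "../../shared_prefs/settings.xml", ".." };
        for (String name : names) {
            System.out.println("naive -> " + resolveNaive(importDir, name).getCanonicalPath());
            try {
                System.out.println("safe  -> " + resolveSafe(importDir, name));
            } catch (IOException e) {
                System.out.println("safe  -> " + e.getMessage());
            }
        }
    }
}
```

With the naive resolver the second name lands outside the import directory; the hardened resolver either confines the file to the import directory under its base name or rejects it.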
