Android File Manager for Android (com.smartwho.SmartFileManager) Local Path Traversal File Access
Local Access Required,
Mobile Phone / Hand-held Device
Loss of Confidentiality
Android File Manager for Android (com.smartwho.SmartFileManager) contains a flaw that allows traversing outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically path traversal style attacks (e.g. '../'). With a specially crafted request, a local attacker can gain access to arbitrary files.
We are not currently aware of a solution for this vulnerability.