CVE-2024-33469

CVE-2024-33469 is a vulnerability affecting Team Amaze's Amaze File Manager application in version 3.8.5, which has been addressed in version 3.10. The flaw exists in the onCreate method of DatabaseViewerActivity.java, enabling a local attacker to execute arbitrary code. It is categorized under CWE-77 (Command Injection) and carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N), indicating high severity due to its scope change and integrity impact.

A local attacker on the affected Android device can exploit this vulnerability with low complexity, no privileges, and no user interaction required. Successful exploitation allows arbitrary code execution, resulting in high integrity impact (I:H) such as unauthorized modifications, low confidentiality impact (C:L), and no availability disruption (A:N).

Advisories recommend updating to Amaze File Manager version 3.10 to mitigate the issue. Additional details are available in the security research repository at https://github.com/blackbeard666/security-research/tree/main/CVE-2024-33469 and the Huntr bounty report at https://huntr.com/bounties/981c1cb3-d1e7-4f5c-8a24-155662d33787.