Platform: android
Component: owlfiles
Fixed in: 12.0.2
CVE-2022-50890 describes a path traversal vulnerability discovered in Owlfiles File Manager, specifically impacting version 12.0.1. This flaw allows unauthorized access to system directories, potentially leading to data exposure and system compromise. The vulnerability is triggered by malicious GET requests containing directory traversal sequences. A fix is expected from the vendor.
The path traversal vulnerability in Owlfiles File Manager allows an attacker to bypass intended access controls and directly access files and directories on the device's file system. By crafting carefully designed GET requests with directory traversal sequences (e.g., ../..), an attacker can navigate outside the intended web application directory and access sensitive system files. This could include configuration files, database backups, or even executable code. Successful exploitation could lead to information disclosure, privilege escalation, and potentially remote code execution depending on the files accessed and their permissions. While no direct precedent exists for Owlfiles File Manager, path traversal vulnerabilities are frequently exploited to gain unauthorized access to sensitive data, similar to attacks targeting web servers and file sharing applications.
CVE-2022-50890 was publicly disclosed on 2026-01-13. The EPSS score is currently unavailable, but given the ease of exploitation associated with path traversal vulnerabilities, it is likely to be assessed as medium or high probability. No proof-of-concept (PoC) exploits have been publicly released at this time, but the vulnerability is relatively straightforward to exploit, increasing the likelihood of PoC development. Refer to the NVD entry for further details.
Users of Android devices running Owlfiles File Manager version 12.0.1 are at direct risk. Shared hosting environments or devices with weak access controls are particularly vulnerable, as an attacker could potentially leverage this vulnerability to gain broader access to the system. Users who store sensitive data within the file manager's accessible directories are also at increased risk.
• android / file-manager:
Get-InstalledPackage -Name "Owlfiles File Manager"
• android / file-manager:
# Check for suspicious files in accessible directories
Get-ChildItem -Path /data/data/com.owlfiles.filemanager/files/ -Recurse -ErrorAction SilentlyContinue | Where-Object { $_.Name -match '\.\.' }
• android / file-manager:
# Check for unusual network activity related to the file manager
netstat -an | grep :8080 # Assuming default port
Exploit status
EPSS: 0.44% (63rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2022-50890 is to upgrade Owlfiles File Manager to a patched version as soon as it becomes available. Until a patch is released, consider restricting access to the File Manager application to trusted users only. Implement strict input validation on all user-supplied data, particularly GET request parameters, to prevent directory traversal attempts. Web application firewalls (WAFs) can be configured with rules to detect and block requests containing directory traversal sequences. Monitor system logs for unusual file access patterns that might indicate exploitation. After upgrade, confirm by attempting a directory traversal request and verifying that access is denied.
Update to the latest available version of Owlfiles File Manager to mitigate the path traversal vulnerability. Check for updates in the relevant app store. Avoid opening files from untrusted sources until the update is applied.
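The input validation and request filtering recommended in the mitigation text can be sketched as follows. This is an added example, not code from Owlfiles or from the advisory; the share root `/srv/owlfiles-share`, the function names and the sample request targets are constructed assumptions.

```python
import re
from pathlib import Path
from typing import Optional
from urllib.parse import unquote

ROOT = Path("/srv/owlfiles-share")  # hypothetical directory the file server exposes
MAX_DECODE_ROUNDS = 3               # assumption: unwraps double/triple percent-encoding
# A '..' path segment, bounded by a separator or a query delimiter.
TRAVERSAL = re.compile(r"(?:^|[/=?&])\.\.(?:[/&]|$)")


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so that %252e%252e is also seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat backslashes as separators


def resolve_within(root: Path, request_path: str) -> Optional[Path]:
    """Enforcement: map a GET path to a file under root, or None if it escapes."""
    decoded = fully_decode(request_path)
    if "\x00" in decoded:
        return None
    root = root.resolve()
    # lstrip keeps an absolute request path from replacing root in the join;
    # resolve() collapses '..' segments and follows symlinks before the check.
    candidate = (root / decoded.lstrip("/")).resolve()
    inside = candidate == root or root in candidate.parents
    return candidate if inside else None


def is_traversal_attempt(request_target: str) -> bool:
    """Detection: flag a logged request target that carries a '..' segment."""
    return bool(TRAVERSAL.search(fully_decode(request_target)))


SAMPLE_REQUESTS = [  # constructed request targets, not captured traffic
    "/Documents/report.pdf",
    "/Documents/notes..txt",
    "/Documents/%2e%2e/%2e%2e/outside.txt",
    "/Documents/%252e%252e%255c..%255coutside.txt",
]

if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        served = resolve_within(ROOT, target)
        print(f"{target!r}: flagged={is_traversal_attempt(target)} served={served}")
```

The containment check is what actually denies access. The pattern match is only a logging or WAF signal, and it also fires on requests that stay inside the root.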
CVE-2022-50890 is a vulnerability in Owlfiles File Manager version 12.0.1 that allows attackers to access system directories by crafting malicious GET requests.
If you are using Owlfiles File Manager version 12.0.1, you are potentially affected by this vulnerability. Upgrade to a patched version as soon as it becomes available.
The recommended fix is to upgrade to a patched version of Owlfiles File Manager. Monitor the vendor's official channels for updates.
There is currently no confirmed evidence of active exploitation, but the vulnerability's simplicity suggests a potential for future attacks.
Refer to the Owlfiles File Manager official website or their security advisory page for the latest information and updates regarding CVE-2022-50890.