A command injection vulerability found in quick game engine allows arbitrary remote code in quick app. Allows remote attacke0rs to gain arbitrary code execution in quick game engine
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HOppo Quick App
APPOppo4.5.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Powiązane podatności
CVE-2024-1608CRITICAL9.1PL ✓ten sam vendor
Privilege escalation w OPPO Usercenter Credit SDK — wyciek danych aplikacji
CVE-2020-11829CRITICAL9.8ten sam vendor
Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is co...
CVE-2020-11830CRITICAL9.8ten sam vendor
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityp...
CVE-2020-11831CRITICAL9.8ten sam vendor
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is co...
CVE-2026-22070HIGH7.1ten sam vendor
ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.