• ThetaDev@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    2
    ·
    8 months ago

    Plus how would you want to exploit a F-Droid SQL injection vulnerability in the search bar?

    AFAIK you cannot trigger searches using URLs, so the user would have to type/paste the SQL into the search field themselves to mess up their database.

    • nutomic@lemmy.ml
      link
      fedilink
      arrow-up
      3
      ·
      8 months ago

      One of the comments mentions that another app can trigger search through an Android intent. So its better to be safe and close any potential vulnerabilities, but this doesnt seem particularly useful for an attacker.