• @[email protected]
    link
    fedilink
    28 months ago

    Plus how would you want to exploit a F-Droid SQL injection vulnerability in the search bar?

    AFAIK you cannot trigger searches using URLs, so the user would have to type/paste the SQL into the search field themselves to mess up their database.

    • @[email protected]
      link
      fedilink
      38 months ago

      One of the comments mentions that another app can trigger search through an Android intent. So its better to be safe and close any potential vulnerabilities, but this doesnt seem particularly useful for an attacker.