Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.
The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.