Security Advisory

CVE-2018-14066

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-07-15 16:00:00

Last updated 2024-09-16 18:19:07

Assigner mitre

State PUBLISHED

Description

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

← Browse all CVEs View on cve.org ↗