CVE-2018-14066

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
Configurations

Configuration 1


Information

Published : 2018-07-15 04:29

Updated : 2018-09-21 01:47


NVD link : CVE-2018-14066

Mitre link : CVE-2018-14066

Products Affected
No products.
CWE