CVE-2018-14066

2018-07-15T16:29:00
ID CVE-2018-14066
Type cve
Reporter cve@mitre.org
Modified 2018-09-21T13:47:00

Description

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.