CVE-2019-2196
CVE-2019-2196 describes a SQL injection in Android's Download Provider, exploitable locally to disclose information without extra privileges. Affected: Android 8.0–10; vulnerability occurs in the query sort parameter, enabling information disclosure. Root cause: improper handling of sort paramete...