CVE-2018-14066
15.07.2018, 16:29
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.
| Vendor | Product | Version |
|---|---|---|
| android | 7.0 | |
| android | 6.0 |
𝑥
= Vulnerable software versions