VDB

PUB-A-224770183

PUB-A-224770183 PUBLISHED CVSS 8.5 HIGH

In a query in MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

Risk Scores

CVSS v4.0
8.5
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

VendorProductVersions
platformpackages/providers/TelephonyProvider13:0, 13, 13:0

Timeline

  • Dec 1, 2022 CVE Published
  • May 15, 2026 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›