7.5
CVSSv2

CVE-2014-8507

Published: 15/12/2014 Updated: 06/08/2015
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android prior to 5.0.0 allow remote malicious users to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

google android 4.0.3

google android 4.0.2

google android 4.0.1

google android 4.0

google android 2.3.2

google android 2.3.1

google android 4.4

google android 4.3.1

google android 4.3

google android 4.2.2

google android 4.2.1

google android 3.2

google android 3.1

google android 3.0

google android 2.3.7

google android 2.1

google android 2.0.1

google android 2.0

google android 1.6

google android 2.3

google android 2.2.3

google android

google android 4.4.1

google android 4.1.2

google android 4.0.4

google android 3.2.6

google android 3.2.2

google android 2.3.5

google android 2.3.3

google android 2.2.1

google android 2.2

google android 1.5

google android 1.0

google android 4.4.3

google android 4.4.2

google android 4.2

google android 4.1

google android 3.2.4

google android 3.2.1

google android 2.3.6

google android 2.3.4

google android 2.2.2

google android 1.1

Exploits

INTRODUCTION ================================== In Android <50, a SQL injection vulnerability exists in the opt module WAPPushManager, attacker can remotely send malformed WAPPush message to launch any activity or service in the victim's phone (need permission check) DETAILS ================================== When a WAPPush message is received ...

Mailing Lists

Android versions prior to 50 suffer from a remote SQL injection vulnerability in the opt module WAPPushManager ...