cvedb.io
CVE-2018-14066
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-07-15T16:29:00.223 · Last modified 2026-06-17T01:40:35.660

Summary

The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo.

Affected products

google — android

Does this affect you?

Add your gear to cvedb and we'll alert you only when google ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.