SQL Injection Vulnerability in Samsung SecEmailSync for Galaxy S6 Devices
CVE-2016-2566

9.8CRITICAL

Key Information:

Vendor: Samsung
Status: Galaxy S6 Firmware
Vendor: CVE Published:; 13 April 2017

What is CVE-2016-2566?

A security vulnerability exists in the Samsung SecEmailSync application for Galaxy S6 devices, specifically those on the SM-G920F build G920FXXU2COH2. This flaw allows for SQL injection attacks, which could enable an attacker to manipulate database queries and potentially gain unauthorized access to sensitive information. Attackers may exploit this vulnerability to execute arbitrary SQL commands, posing data integrity risks and compromising user privacy.

References

http://www.securityfocus.com/bid/97654

vdb-entryx_refsource_BID

https://github.com/ud2/advisories/tree/master/android/sam...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 13, 2017
Vulnerability Reserved
Feb 25, 2016