CVE-2023-40121
5.5MEDIUM
Key Information
- Vendor
- Status
- Android
- Vendor
- CVE Published:
- 27 October 2023
Badges
👾 Exploit Exists🔴 Public PoC
Summary
In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
Affected Version(s)
Android = 13
Android = 12L
Android = 12
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit exists.
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database2 Proof of Concept(s)