FKIE_CVE-2014-8507

Vulnerability from fkie_nvd - Published: 2014-12-15 18:59 - Updated: 2026-05-06 22:30
Severity
Summary
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
References
cve@mitre.orghttp://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.htmlExploit
cve@mitre.orghttp://seclists.org/fulldisclosure/2014/Nov/86Exploit
cve@mitre.orghttp://www.securityfocus.com/bid/71310
cve@mitre.orghttp://xteam.baidu.com/?p=167Exploit
cve@mitre.orghttps://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2014/Nov/86Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/71310
af854a3a-2127-422b-91ae-364da2661108http://xteam.baidu.com/?p=167Exploit
af854a3a-2127-422b-91ae-364da2661108https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6Vendor Advisory
Impacted products
Vendor Product Version
google android *
google android 1.0
google android 1.1
google android 1.5
google android 1.6
google android 2.0
google android 2.0.1
google android 2.1
google android 2.2
google android 2.2
google android 2.2.1
google android 2.2.2
google android 2.2.3
google android 2.3
google android 2.3
google android 2.3.1
google android 2.3.2
google android 2.3.3
google android 2.3.4
google android 2.3.5
google android 2.3.6
google android 2.3.7
google android 3.0
google android 3.1
google android 3.2
google android 3.2.1
google android 3.2.2
google android 3.2.4
google android 3.2.6
google android 4.0
google android 4.0.1
google android 4.0.2
google android 4.0.3
google android 4.0.4
google android 4.1
google android 4.1.2
google android 4.2
google android 4.2.1
google android 4.2.2
google android 4.3
google android 4.3.1
google android 4.4
google android 4.4.1
google android 4.4.2
google android 4.4.3
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53885773-16E2-4D30-BBA4-43F928098515",
              "versionEndIncluding": "4.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0721FD34-5F94-4828-A8AA-EF70FAB71FC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CA4D29-321A-41ED-A75A-1EBB14A771C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C354829-6BEB-4C67-972A-60367073753C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "702B40EB-76BC-4686-A46E-D02DBE3A86E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4685EA90-1E01-4FFB-AE31-91FD5D69E2D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "938DC86D-C783-4EFA-9AB6-3ADC8CD7BB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A33DBF65-09A6-4149-BABE-2FFFBF10C31D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B69434-13B2-4A43-AEB0-55E0ED403E54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.2:rev1:*:*:*:*:*:*",
              "matchCriteriaId": "D1755B91-1B6B-4A9E-BB6B-22B399A6DD02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A92E88F-CCED-41D7-AFB7-CE1F9265E546",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D13D3A00-27A0-4635-9D50-05CA81950691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EB959DB-AFE7-4667-9662-949ADAB81CE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "18669EEC-ABB9-4CE4-8C0E-A88BE08EC368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3:rev1:*:*:*:*:*:*",
              "matchCriteriaId": "61D64B87-F1F1-4E52-86AE-F28E2C43A9A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83AB2497-59DE-4253-A758-A3D03FAEB913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E197EC0-82DF-49D5-BD1A-7EA22EC0B806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "286EED24-E011-4009-BC2E-B63CA06072CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D634E2E3-4E8A-4C88-A6BF-DBE7439EB3B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E6F4DF-F80F-4A9B-871E-155C0D3DD449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC08431-C70E-4964-B7C0-C9C45F70DCD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A2A79C6-A7BD-46C2-8320-B9652135F3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6997F035-D2F5-4174-B979-5D42FF69D9AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1FD2E59-59BF-4611-B65B-A2981127CAC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86BFE05E-9749-43AA-8DB6-E2F13C2E1759",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48DCE4AD-D629-4F0B-AFA8-6CAD061D5FA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DAAB25F-26E4-4493-B3DA-F87240633031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CD6B49-B9D4-493E-902D-B4EF48260BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB73EBA4-A9BE-4C40-9E6D-649E89D2C3F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A39C31E3-75C0-4E92-A6B5-7D67B22E3449",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB318EA4-2908-4B91-8DBB-20008FDF528A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4E46A9-B652-47CE-92E8-01021E57724B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "36DD8E3F-6308-4680-B932-4CBD8E58A7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DA9F0F7-D592-481E-884C-B1A94E702825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD857E7-B878-49F9-BDDA-93DDEBB0B42B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A47AB858-36DE-4330-8CAC-1B46C5C8DA80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "49413FF7-7910-4F74-B106-C3170612CB2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8882E50-7C49-4A99-91F2-DF979CF8BB2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C32982-095C-4628-9958-118A3D3A9CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el m\u00e9todo queryLastApp en packages/WAPPushManager/src/com/android/smspush/WapPushManager.java en el m\u00f3dulo WAPPushManager en Android anterior a 5.0.0 permiten a atacantes remotos ejecutar comandos SQL arbitrarios, y como consecuencia lanzar una actividad o servicio, a trav\u00e9s del campo (1) wapAppId o (2) contentType de un PDU para un mensaje WAPPush malformado, tambi\u00e9n conocido como Bug 17969135."
    }
  ],
  "id": "CVE-2014-8507",
  "lastModified": "2026-05-06T22:30:45.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-12-15T18:59:16.690",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Nov/86"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/71310"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://xteam.baidu.com/?p=167"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/129283/Android-WAPPushManager-SQL-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Nov/86"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/71310"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://xteam.baidu.com/?p=167"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://android.googlesource.com/platform/frameworks/base/+/48ed835468c6235905459e6ef7df032baf3e4df6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.