CVE-2018-9493

MEDIUM

Android 7.0-9.0 - SQL Injection in Download Manager Content Provider

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-9493. PoCs published by IOActive.

AI-analyzed exploit summary This PoC exploits a SQL injection vulnerability in Android's Download Provider (CVE-2018-9493) to dump sensitive information from the downloads database. It uses a crafted query to bypass restrictions and extract data, including protected columns, via a binary search technique.

Description

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900

Exploits (1)

nomisec WORKING POC 8 stars
by IOActive · poc
https://github.com/IOActive/AOSP-DownloadProviderDbDumper

This PoC exploits a SQL injection vulnerability in Android's Download Provider (CVE-2018-9493) to dump sensitive information from the downloads database. It uses a crafted query to bypass restrictions and extract data, including protected columns, via a binary search technique.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Android Download Provider (AOSP)
No auth needed
Prerequisites: Access to an Android device with the vulnerable Download Provider
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 5.5
EPSS 0.0086
EPSS Percentile 53.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (6)
google/android 7.0
google/android 7.1.1
google/android 7.1.2
google/android 8.0
google/android 8.1
google/android 9.0
Published Oct 02, 2018
Tracked Since Feb 18, 2026