CVE-2019-2198

MEDIUM

Android 8.0-10 - SQL Injection in Download Provider

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-2198. PoCs published by IOActive.

AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2019-2198, an SQL injection vulnerability in Android's Download Provider. The exploit leverages the selection parameter in content provider queries to dump sensitive data from the downloads database.

Description

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android
Versions: Android-8.0 Android-8.1 Android-9 Android-10
Android ID: A-135270103

Exploits (1)

nomisec WORKING POC 35 stars
by IOActive · poc
https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Android (AOSP) Download Provider
No auth needed
Prerequisites: Access to an affected Android device or emulator
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 5.5
EPSS 0.0040
EPSS Percentile 32.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-89
Status: published
Products (4)
google/android 8.0
google/android 8.1
google/android 9.0
google/android 10.0
Published Nov 13, 2019
Tracked Since Feb 18, 2026