CVE-2023-35683

MEDIUM

Android - SQL Injection in DatabaseUtils.java

Title source: llm
STIX 2.1

Description

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Scores

CVSS v3 5.5
EPSS 0.0017
EPSS Percentile 6.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (4)
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
Published Sep 11, 2023
Tracked Since Feb 18, 2026