CVE-2014-8507

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.0.0

Description The issue concerns multiple SQL injection vulnerabilities in the queryLastApp method within the WAPPushManager module. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by exploiting the wapAppId or contentType field of a PDU for a malformed WAPPush message. This could lead to launching an activity or service.

Recommendations For Android versions prior to 5.0.0, update to version 5.0.0 or later to resolve the issue.