Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.4
SQL Injection in [Software Name] Allows Unauthorized Access
CVE-2025-48650
ASB-A-388530367
Summary
An attacker can access sensitive information without permission by manipulating the software's database requests. This could lead to unauthorized changes to sensitive data or access to restricted areas. Update the software to the latest version to fix this issue.
What to do
- Update google platform/packages/providers/telephonyprovider to version 16-qpr2-next:2026-03-01.
- Update google platform/packages/providers/telephonyprovider to version 15:2026-03-01.
- Update google platform/packages/providers/telephonyprovider to version 16:2026-03-01.
- Update google platform/packages/providers/telephonyprovider to version 14:2026-03-01.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| android | 14.0 | – | |
| android | 15.0 | – | |
| android | 16.0 | – | |
| platform/packages/providers/telephonyprovider | > 16-qpr2-next:0 , <= 16-qpr2-next:2026-03-01 | 16-qpr2-next:2026-03-01 | |
| platform/packages/providers/telephonyprovider | > 15:0 , <= 15:2026-03-01 | 15:2026-03-01 | |
| platform/packages/providers/telephonyprovider | > 16:0 , <= 16:2026-03-01 | 16:2026-03-01 | |
| platform/packages/providers/telephonyprovider | > 14:0 , <= 14:2026-03-01 | 14:2026-03-01 |
Original title
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...
Original description
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
nvd CVSS3.1
8.4
Vulnerability type
CWE-89
SQL Injection
Published: 1 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026