CVE-2018-9493: In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local informat...

Description

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900

Metrics

EPSS Probability

0.86%

53.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-89

Affected Software

Vendor	Product	Versions
Google	Android	7.0
Google	Android	7.1.1
Google	Android	7.1.2
Google	Android	8.0
Google	Android	8.1
Google	Android	9.0

References

Timeline

Published: Oct 2, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-9493?

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900

How severe is CVE-2018-9493?

Severity scoring for CVE-2018-9493 is pending analysis. The EPSS model estimates a 0.86% probability of exploitation in the next 30 days.

How do I fix CVE-2018-9493?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.