← back
CVE-2018-20523

CVE-2018-20523

EPSS 10.0%
Xiaomi Stock Browser 10.2.4.g on Xiaomi Redmi Note 5 Pro devices and other Redmi Android phones allows content provider injection. In other words, a third-party application can read the user's cleartext browser history via an app.provider.query content://com.android.browser.searchhistory/searchhistory request.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50188unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/163796/Xiaomi-10.2.4.g-Information-Disclosure.htmlhttps://sec.xiaomi.comhttps://vishwarajbhattrai.wordpress.com/2019/03/22/content-provider-injection-in-xiaomi-stock-browser