Published: 20/10/2014 Updated: 29/08/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Subscribe to Smartphone Pentest Framework

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 up to and including 0.1.4 allow remote malicious users to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bulbsecurity smartphone pentest framework 0.1.4
bulbsecurity smartphone pentest framework 0.1.2
bulbsecurity smartphone pentest framework 0.1.3

Smartphone Pentest Framework (SPF) versions 013 and 014 suffer from an OS command injection vulnerability ...

CWE-352 http://osvdb.org/87327 https://twitter.com/georgiaweidman/statuses/269138431567855618 http://secunia.com/advisories/51415 https://www.htbridge.com/advisory/HTB23123 https://www.htbridge.com/advisory/HTB23127 https://exchange.xforce.ibmcloud.com/vulnerabilities/80313 https://nvd.nist.gov https://packetstormsecurity.com/files/118743/Smartphone-Pentest-Framework-0.1.3-0.1.4-Command-Injection.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-5695

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect