CVE-2012-5695

EUVD-2012-5578
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
bulbsecuritysmartphone_pentest_framework
0.1.2
bulbsecuritysmartphone_pentest_framework
0.1.3
bulbsecuritysmartphone_pentest_framework
0.1.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/87327
http://secunia.com/advisories/51415
https://exchange.xforce.ibmcloud.com/vulnerabilities/80313
https://twitter.com/georgiaweidman/statuses/269138431567855618
https://www.htbridge.com/advisory/HTB23123
https://www.htbridge.com/advisory/HTB23127
http://osvdb.org/87327
http://secunia.com/advisories/51415
https://exchange.xforce.ibmcloud.com/vulnerabilities/80313
https://twitter.com/georgiaweidman/statuses/269138431567855618
https://www.htbridge.com/advisory/HTB23123
https://www.htbridge.com/advisory/HTB23127