exploitDog

CVE-2012-5878

Опубликовано: 03 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.

Ссылки

https://www.htbridge.com/advisory/HTB23123
Not Applicable
Third Party Advisory
https://www.htbridge.com/advisory/HTB23127
Exploit
Third Party Advisory
https://www.htbridge.com/advisory/HTB23123
Not Applicable
Third Party Advisory
https://www.htbridge.com/advisory/HTB23127
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:*:*:*:*:*:*:*:*

Версия от 0.1.2 (включая) до 0.1.4 (включая)

EPSS

Процентиль: 93%

0.10613

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-vm48-9jq9-p4rm

github

почти 4 года назад

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.

EPSS

Процентиль: 93%

0.10613

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78