Vulnerability Details: CVE-2012-5695
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.
Vulnerability category: SQL injection, Cross-site request forgery (CSRF)
Products affected by CVE-2012-5695
- cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5695
- EPSS score: 0.67% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~80% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2012-5695
Base Score | Base Severity | CVSS v2 Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2012-5695
- The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Assigned by: nvd@nist.gov (Primary)
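The weakness described above, and the attack pattern in the CVE description (a cross-site page submitting an SMS-sending or injection-carrying request on an authenticated admin's behalf), come down to one missing check: the server acts on the session cookie alone. The following is an added example, written for this page and not taken from SPF or its advisories, that models the flawed handler beside a hardened one using a per-session synchronizer token plus an Origin/Referer check. The hostname `spf.example`, the session cookie name, the `csrf_token` field and the `phone`/`message` SMS parameters are all constructed for the illustration; SPF's real field names are not given on this page.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed value for the example; the real SPF hostname is not on this page.
SITE_ORIGIN = "http://spf.example"

# session id -> anti-CSRF token issued to that session (in-memory store)
_csrf_tokens = {}


def make_request(cookies, params, headers):
    """Build a minimal request record. A browser attaches the session cookie
    to a cross-site form post automatically; that is what CSRF abuses."""
    return {"cookies": dict(cookies), "params": dict(params), "headers": dict(headers)}


def issue_token(session_id):
    """Issue a fresh per-session token; embed it in every state-changing form."""
    token = secrets.token_hex(32)
    _csrf_tokens[session_id] = token
    return token


def origin_matches(headers):
    """Reject when Origin (or Referer) names another site. A missing header is
    tolerated because some clients strip it; the token check still applies."""
    src = headers.get("Origin") or headers.get("Referer")
    if src is None:
        return True
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def vulnerable_accepts(request):
    """The flawed pattern: a valid session cookie is the only evidence that the
    admin meant to send this request, so a forged cross-site post is accepted."""
    return "session" in request["cookies"]


def hardened_accepts(request):
    """Accept only when the session cookie, a matching per-session token and a
    same-site Origin (when one is sent) all agree."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return False
    expected = _csrf_tokens.get(session_id)
    supplied = request["params"].get("csrf_token", "")
    if expected is None:
        return False
    # constant-time comparison; encode so non-ASCII input cannot raise TypeError
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    return origin_matches(request["headers"])


if __name__ == "__main__":
    token = issue_token("admin-session")
    # Hypothetical "send SMS" parameters (constructed, not SPF's real field names).
    sms = {"phone": "15551234567", "message": "hello"}

    legit = make_request({"session": "admin-session"},
                         {**sms, "csrf_token": token},
                         {"Origin": SITE_ORIGIN})
    # Forged: an attacker's page auto-submits the form. The browser adds the
    # admin's cookie, but the attacker cannot read the token and Origin is theirs.
    forged = make_request({"session": "admin-session"}, sms,
                          {"Origin": "http://attacker.example"})

    print("vulnerable accepts forged:", vulnerable_accepts(forged))
    print("hardened accepts forged:  ", hardened_accepts(forged))
    print("hardened accepts legit:   ", hardened_accepts(legit))
```

The token is what actually stops the attack: the attacker's page can make the victim's browser send the cookie, but cannot read a value embedded in a page served only to the victim's session. The Origin/Referer check is defence in depth and is deliberately lenient when the header is absent, which is why it must never be the sole control.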
References for CVE-2012-5695
- https://twitter.com/georgiaweidman/statuses/269138431567855618 : Georgia Weidman on Twitter: "SPF GUI back in may god and infosec forgive me: https://t.co/ufeMXnmb" (Vendor Advisory)
- https://www.htbridge.com/advisory/HTB23123 : Multiple Vulnerabilities in Smartphone Pentest Framework (SPF), HTB23123 Security Advisory, ImmuniWeb (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80313 : Smartphone Pentest Framework guessPassword.pl cross-site request forgery CVE-2012-5695 Vulnerability Report
- https://www.htbridge.com/advisory/HTB23127 : Multiple Command Execution Vulnerabilities in Smartphone Pentest Framework (SPF), HTB23127 Security Advisory, ImmuniWeb (Exploit)