CVE-2012-5878

CRITICAL

Bulb Security Smartphone Pentest Framework 0.1.2-0.1.4 - Remote Code Execution via Shell Metacharacters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5878. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary This exploit demonstrates multiple command injection vulnerabilities in the Smartphone Pentest Framework by submitting crafted form data to various CGI scripts, leading to arbitrary command execution. The PoC uses wget to fetch and execute a backdoor script, showcasing RCE via unsanitized input parameters.

Description

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge · htmlwebappscgi
https://www.exploit-db.com/exploits/38114

This exploit demonstrates multiple command injection vulnerabilities in the Smartphone Pentest Framework by submitting crafted form data to various CGI scripts, leading to arbitrary command execution. The PoC uses wget to fetch and execute a backdoor script, showcasing RCE via unsanitized input parameters.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Smartphone Pentest Framework 0.1.3 and 0.1.4
No auth needed
Prerequisites: Network access to the vulnerable web interface · Ability to submit POST requests to the target CGI scripts
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Not Applicable, Third Party Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23123
Exploit, Third Party Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23127

Scores

CVSS v3 9.8
EPSS 0.1061
EPSS Percentile 93.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
bulbsecurity/smartphone_pentest_framework 0.1.2 - 0.1.4
Published Jan 03, 2020
Tracked Since Feb 18, 2026