CVE-2012-5878

CRITICAL

Bulbsecurity Smartphone Pentest Framework - OS Command Injection

Title source: rule

Description

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · htmlwebappscgi

https://www.exploit-db.com/exploits/38114

View Code ZIP pw:eip

References (2)

[Not Applicable, Third Party Advisory] https://www.htbridge.com/advisory/HTB23123

[Exploit, Third Party Advisory] https://www.htbridge.com/advisory/HTB23127

Scores

CVSS v3 9.8

EPSS 0.1061

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

bulbsecurity/smartphone_pentest_framework 0.1.2 - 0.1.4

Published Jan 03, 2020

Tracked Since Feb 18, 2026