Remote Command Execution in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4

Remote Command Execution in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4

CVE-2012-5878 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl.

Learn more about our Mobile App Penetration Testing.