CVE-2012-5695

{"id": "CVE-2012-5695", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-10-20T16:55:05.917", "references": [{"url": "http://osvdb.org/87327", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/51415", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80313", "source": "cve@mitre.org"}, {"url": "https://twitter.com/georgiaweidman/statuses/269138431567855618", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.htbridge.com/advisory/HTB23123", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.htbridge.com/advisory/HTB23127", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/87327", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/51415", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80313", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://twitter.com/georgiaweidman/statuses/269138431567855618", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.htbridge.com/advisory/HTB23123", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.htbridge.com/advisory/HTB23127", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de CSRF en Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 hasta 0.1.4 permiten a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que realizan (1) ataques de metacaracteres de shell o (2) ataques de inyecci\u00f3n SQL o (3) env\u00edan un mensaje SMS."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCE8CA0E-060D-42A2-80BE-C909AAF76DA4"}, {"criteria": "cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13A0E52A-E68C-4DBA-BD86-55DC3BD90FBE"}, {"criteria": "cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14C07A81-CA5F-4985-B53E-0C250EA3B229"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}