CVE-2012-5695

high

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.

References

https://twitter.com/georgiaweidman/statuses/269138431567855618

https://exchange.xforce.ibmcloud.com/vulnerabilities/80313

http://secunia.com/advisories/51415

http://osvdb.org/87327

Details

Source: Mitre, NVD

Published: 2014-10-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00463