Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bulb Security Smartphone Pentest Framework 操作系统命令注入漏洞
Vulnerability Description
Bulb Security Smartphone Pentest Framework(SPF)是美国Bulb Security公司的一款针对智能手机的开源渗透测试工具。 Bulb Security SPF 0.1.3之前版本中存在安全漏洞。远程攻击者可借助‘ipAddressTB’参数中的shell元字符利用该漏洞执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A