Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bulb Security Smartphone Pentest Framework 权限许可和访问控制漏洞
Vulnerability Description
Bulb Security Smartphone Pentest Framework(SPF)是一套开源的智能手机渗透测试框架,它可帮助测试当前网络环境中手机的安全漏洞,包括远程漏洞、客户端漏洞和、本地提权等。 Bulb Security SPF 0.1.3之前版本的btinstall安装脚本中存在安全漏洞,该漏洞源于frameworkgui/目录下的所有文件使用弱权限。本地攻击者可直接访问这些文件利用该漏洞获取敏感信息或注入任意Perl代码。
CVSS Information
N/A
Vulnerability Type
N/A