CVE-2012-5695

Sažetak

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.

Reference

http://osvdb.org/87327
http://secunia.com/advisories/51415
https://exchange.xforce.ibmcloud.com/vulnerabilities/80313
https://twitter.com/georgiaweidman/statuses/269138431567855618
https://www.htbridge.com/advisory/HTB23123
https://www.htbridge.com/advisory/HTB23127

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-08-2017 - 01:32

Objavljeno

20-10-2014 - 16:55