Unrated severityNVD Advisory· Published Oct 20, 2014· Updated May 6, 2026

CVE-2012-5695

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS message.

Affected products

Bulbsecurity/Smartphone Pentest Framework3 versions
cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.2:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:bulbsecurity:smartphone_pentest_framework:0.1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.htbridge.com/advisory/HTB23123nvdExploit
www.htbridge.com/advisory/HTB23127nvdExploit
twitter.com/georgiaweidman/statuses/269138431567855618nvdVendor Advisory
osvdb.org/87327nvd
secunia.com/advisories/51415nvd
exchange.xforce.ibmcloud.com/vulnerabilities/80313nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000