Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-10-20T16:00:00
Updated: 2024-08-06T21:14:16.351Z
Reserved: 2012-10-29T00:00:00
Link: CVE-2012-5694
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-10-20T16:55:05.713
Modified: 2024-11-21T01:45:08.520
Link: CVE-2012-5694
Redhat
No data.