CVE-2012-5878

Name of the Vulnerable Software and Affected Versions: Bulb Security Smartphone Pentest Framework (SPF) versions 0.1.2 through 0.1.4

Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the appURLPath parameter to frameworkgui/attachMobileModem.pl.

Recommendations: For versions 0.1.2 through 0.1.4, consider disabling the SEAttack.pl and CSAttack.pl scripts in frameworkgui/ and restrict access to the attachMobileModem.pl script until a patch is available. Avoid using the hostingPath and appURLPath parameters in the affected scripts until the issue is resolved.