CVE-2012-10039 in ZEN Load Balancerinfo

Zusammenfassung

von MITRE • 11.08.2025

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code execution as the root user. ZEN Load Balancer is the predecessor of ZEVENET and SKUDONET. The affected versions (2.0 and 3.0-rc1) are no longer supported. SKUDONET CE is the current community-maintained successor.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

VulnCheck

Reservieren

07.08.2025

Veröffentlichung

11.08.2025

Moderieren

akzeptiert

Eintrag

VDB-319425

CPE

bereit

CWE

CWE-78 (bestätigt)

CVSS

8.8 (VulDB)

EPSS

0.47846

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2012-10039
NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-10039
CVE Details	https://www.cvedetails.com/cve/CVE-2012-10039/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!