CVE-2012-10039
published 2025-08-11

Priority: P272 · Severity: critical · Score: 9.4 (CVSS 4.0)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Tags: EXPLOIT
EPSS: 2.45% (82.4th percentile)
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in remote code execution as the root user. ZEN Load Balancer is the predecessor of ZEVENET and SKUDONET. The affected versions (2.0 and 3.0-rc1) are no longer supported. SKUDONET CE is the current community-maintained successor.

Affected (2 ranges)

Vendor              Product             Version range   Fixed in
zen_load_balancer   zen_load_balancer
zen_load_balancer   zen_load_balancer

Detection & IOCs (extracted from sources)

path: /content2-2.cgi
other: filelog
  • Monitor HTTP requests to /content2-2.cgi containing shell metacharacters (backticks, semicolons, pipes, $(), etc.) in the 'filelog' parameter, which indicates command injection attempts.
  • Alert on any process spawned as root originating from a CGI process (content2-2.cgi) on ZEN Load Balancer 2.0 or 3.0-rc1, as successful exploitation results in RCE as root.
  • The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation; look for unsanitized OS command execution patterns in CGI scripts on ZEN Load Balancer appliances.
  • Exploitation requires prior authentication; unauthenticated attackers cannot directly exploit this vulnerability.
  • Only ZEN Load Balancer versions 2.0 and 3.0-rc1 are affected; these versions are no longer supported. Successor products (SKUDONET CE, ZEVENET) are not listed as affected.
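The first detection bullet above, turned into a runnable log check. This is an added example written for this page, not code from the cbcvebase record or from the ZEN Load Balancer / SKUDONET projects. It assumes a combined-format web-server access log (the Apache/nginx default) in which the request line still carries the query string, and the log lines, the IP addresses and the metacharacter list are constructed samples; which characters count as "shell metacharacters" and what a legitimate filelog value looks like are assumptions that should be tuned to the appliance's real traffic.

```python
"""Flag command-injection attempts against content2-2.cgi (CVE-2012-10039)
by inspecting the 'filelog' query parameter in access-log entries."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Shell metacharacters named in the advisory (backtick, semicolon, pipe, $())
# plus a few more that an unsanitised backtick exec() would also honour.
# Assumption: this list is a starting point, not the vendor's own.
SHELL_META = re.compile(r"[`;|&$(){}<>\n]")

# Assumption: a legitimate filelog value is a plain log-file name.
SAFE_FILELOG = re.compile(r"^[A-Za-z0-9._-]+$")

# Combined log format: ip ident user [ts] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (RFC 5737 documentation addresses):
# a benign request, two with metacharacters (one double-encoded), and a
# request with a suspicious value aimed at a different script.
SAMPLE_LOG = [
    '192.0.2.10 - admin [11/Aug/2025:10:00:01 +0000] '
    '"GET /content2-2.cgi?filelog=access.log HTTP/1.1" 200 512',
    '192.0.2.55 - admin [11/Aug/2025:10:00:07 +0000] '
    '"GET /content2-2.cgi?filelog=access.log%3Becho%20test HTTP/1.1" 200 640',
    '192.0.2.55 - admin [11/Aug/2025:10:00:09 +0000] '
    '"GET /content2-2.cgi?filelog=x%2560id%2560 HTTP/1.1" 200 300',
    '198.51.100.7 - - [11/Aug/2025:10:01:00 +0000] '
    '"GET /index.cgi?filelog=%3Bid HTTP/1.1" 302 0',
]


def filelog_values(target: str) -> list[str]:
    """Return the decoded 'filelog' values of a request to content2-2.cgi.

    Requests to any other path yield an empty list. parse_qs decodes one
    layer of URL encoding; the extra unquote() catches double-encoded
    metacharacters such as %2560 (-> %60 -> backtick).
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/content2-2.cgi"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    return [unquote(v) for v in query.get("filelog", [])]


def is_suspicious(value: str) -> bool:
    """True when the value is not a plain file name and carries a metacharacter."""
    return SAFE_FILELOG.match(value) is None and SHELL_META.search(value) is not None


def scan_log(lines) -> list[dict]:
    """Scan log lines and return one alert dict per suspicious filelog value."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        for value in filelog_values(m["target"]):
            if is_suspicious(value):
                alerts.append(
                    {"ip": m["ip"], "ts": m["ts"], "status": m["status"], "filelog": value}
                )
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} status={alert['status']} "
              f"filelog={alert['filelog']!r}")
```

Run over the constructed sample, the scan reports the two requests from 192.0.2.55 and ignores both the benign request and the one aimed at a different script. Because the HTTP status is kept in each alert, a 200 on a flagged request is worth correlating with the second bullet (a child process of the CGI running as root) before treating it as a confirmed compromise.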