CVE-2012-10039
ZEN Load Balancer Filelog Command Execution
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitization. An authenticated attacker can inject arbitrary shell commands, resulting in remote code execution as the root user. ZEN Load Balancer is the predecessor of ZEVENET and SKUDONET. The affected versions (2.0 and 3.0-rc1) are no longer supported. SKUDONET CE is the current community-maintained successor.
| CWE | CWE-78 |
| Vendor | zen load balancer |
| Product | zen load balancer |
| Published | Aug 11, 2025 |
| Last Updated | Apr 7, 2026 |
Affected Versions
ZEN Load Balancer / ZEN Load Balancer
2.0 3.0-rc1
References
web.archive.org: https://web.archive.org/web/20221203195056/https://itsecuritysolutions.org/2012-09-21-ZEN-Load-Balancer-v2.0-and-v3.0-rc1-multiple-vulnerabilities/
web.archive.org: https://web.archive.org/web/20111015031540/http://www.zenloadbalancer.com/
raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/zen_load_balancer_exec.rb
exploit-db.com: https://www.exploit-db.com/exploits/21849
fortiguard.com: https://www.fortiguard.com/encyclopedia/ips/33335/zen-load-balancer-filelog-command-execution
Credits
bcoles