What is CVE-2012-10039?

CVE-2012-10039 is a vulnerability in Zen Load Balancer, classified under OS Command Injection. Published 2025-08-11.

Is CVE-2012-10039 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Zen Load Balancer

CVE-2012-10039

ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.672 (98.6th percentile) — read the EPSS interpretation.

Affected products

Zen Load Balancer — versions 3.0-rc1, 2.0

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

web.archive.org/web/20221203195056/https://itsecuritysolutions.org/2012-09-21-Z… (technical-description, exploit)
web.archive.org/web/20111015031540/http://www.zenloadbalancer.com/ (product)
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/l… (exploit)
www.exploit-db.com/exploits/21849 (exploit)
www.fortiguard.com/encyclopedia/ips/33335/zen-load-balancer-filelog-command-exe… (third-party-advisory)

Frequently asked questions

What is CVE-2012-10039?: CVE-2012-10039 is a vulnerability in Zen Load Balancer, classified under OS Command Injection. Published 2025-08-11.
Is CVE-2012-10039 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.