CVE-2010-0680

ZeusCMS 0.2 - Path Traversal via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0680. PoCs published by ViRuSMaN.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in ZeusCMS v0.2: a database backup disclosure (info_leak) and a local file inclusion (LFI) vulnerability. The PoC provides direct URLs to exploit these issues without requiring authentication.

Description

Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ViRuSMaN · textwebappsphp

https://www.exploit-db.com/exploits/11437

View Code ZIP pw:eip

The exploit demonstrates two vulnerabilities in ZeusCMS v0.2: a database backup disclosure (info_leak) and a local file inclusion (LFI) vulnerability. The PoC provides direct URLs to exploit these issues without requiring authentication.

Classification

Working Poc 90%

Attack Type

Info Leak | Lfi

Complexity

Trivial

Reliability

Reliable

Target: ZeusCMS v0.2

No auth needed

Prerequisites: Access to the target web server

MITRE ATT&CK

T1005 - Data from Local System T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38237

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11437

Scores

EPSS 0.0232

EPSS Percentile 81.2%

Details

CWE

CWE-22

Status published

Products (1)

zeuscms/zeuscms 0.2

Published Feb 22, 2010

Tracked Since Feb 18, 2026