CVE-2010-0681

ZeusCMS 0.2 - Information Disclosure via Direct Request for admin/backup.sql

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0681. PoCs published by ViRuSMaN.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in ZeusCMS v0.2: a database backup disclosure (info_leak) and a local file inclusion (LFI) vulnerability. The PoC provides direct URLs to exploit these issues without requiring authentication.

Description

ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ViRuSMaN · textwebappsphp

https://www.exploit-db.com/exploits/11437

View Code ZIP pw:eip

The exploit demonstrates two vulnerabilities in ZeusCMS v0.2: a database backup disclosure (info_leak) and a local file inclusion (LFI) vulnerability. The PoC provides direct URLs to exploit these issues without requiring authentication.

Classification

Working Poc 90%

Attack Type

Info Leak | Lfi

Complexity

Trivial

Reliability

Reliable

Target: ZeusCMS v0.2

No auth needed

Prerequisites: Access to the target web server

MITRE ATT&CK

T1005 - Data from Local System T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11437

Scores

EPSS 0.0217

EPSS Percentile 79.9%

Details

CWE

CWE-264

Status published

Products (1)

zeuscms/zeuscms 0.2

Published Feb 22, 2010

Tracked Since Feb 18, 2026