CVE-2011-0505

Zwii 2.1.1 - Remote File Inclusion via set[template][value] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-0505. PoCs published by Abdi Mohamed.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in Zwii v2.1.1 by manipulating the 'set[template][value]' parameter in system.php to include arbitrary files. This allows an attacker to execute remote code by injecting a malicious shell path.

Description

Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set[template][value] parameter.

Exploits (1)

exploitdb WORKING POC
by Abdi Mohamed · textwebappsphp
https://www.exploit-db.com/exploits/15945

The exploit demonstrates a remote file inclusion vulnerability in Zwii v2.1.1 by manipulating the 'set[template][value]' parameter in system.php to include arbitrary files. This allows an attacker to execute remote code by injecting a malicious shell path.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Zwii v2.1.1
No auth needed
Prerequisites: Access to the target system.php file · Ability to host a malicious shell or file
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15945
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0072
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42858
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64557
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45736
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/70395

Scores

EPSS 0.0245
EPSS Percentile 82.4%

Details

CWE
CWE-22
Status published
Products (1)
remi_jean/zwii 2.1.1
Published Jan 20, 2011
Tracked Since Feb 18, 2026