CVE-2012-5686

CRITICAL

ZPanel 10.0.1 - Weak Password Recovery Mechanism

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5686. PoCs published by pcsjj.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in ZPanel <= 10.0.1, including CSRF, XSS, SQL injection, and a password reset weakness. It provides detailed HTTP requests to exploit these flaws, such as creating FTP users, injecting malicious scripts, and manipulating database content.

Description

ZPanel 10.0.1 has insufficient entropy for its password reset process.

Exploits (1)

exploitdb WORKING POC VERIFIED

by pcsjj · textwebappsmultiple

https://www.exploit-db.com/exploits/22490

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in ZPanel <= 10.0.1, including CSRF, XSS, SQL injection, and a password reset weakness. It provides detailed HTTP requests to exploit these flaws, such as creating FTP users, injecting malicious scripts, and manipulating database content.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: ZPanel <= 10.0.1

Auth required

Prerequisites: Valid session cookie (PHPSESSID) · Network access to the target ZPanel instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry x_refsource_misc

http://www.securityfocus.com/bid/56400

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/79841

Scores

CVSS v3 9.8

EPSS 0.1444

EPSS Percentile 94.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-640 CWE-798

Status published

Products (1)

zpanelcp/zpanel 10.0.1

Published Feb 04, 2020

Tracked Since Feb 18, 2026