CVE-2010-1054
published 2010-03-23CVE-2010-1054: Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2)…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.15%
62.9th percentile
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
ParsCMS fa_default.asp RP sql injection (EDB-33761 / BID-38734)
vuldb·2026-05-03·CVSS 7.5
CVE-2010-1054 [HIGH] ParsCMS fa_default.asp RP sql injection (EDB-33761 / BID-38734)
A vulnerability was found in ParsCMS and classified as critical. Affected by this vulnerability is an unknown functionality of the file fa_default.asp. Executing a manipulation of the argument RP can lead to sql injection.
The identification of this vulnerability is CVE-2010-1054. The attack may be launched remotely. Furthermore, there is an exploit available.
GHSA
GHSA-jpr3-gccf-cvp4: Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default
ghsa_unreviewed·2022-05-02
CVE-2010-1054 [HIGH] CWE-89 GHSA-jpr3-gccf-cvp4: Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.
Suricata
GPL FTP LIST directory traversal attempt
suricata·2010-09-23
CVE-2002-1054 GPL FTP LIST directory traversal attempt
GPL FTP LIST directory traversal attempt
Rule: alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL FTP LIST directory traversal attempt"; flow:established,to_server; content:"LIST"; nocase; content:".."; distance:1; content:".."; distance:1; reference:cve,2002-1054; reference:bugtraq,2618; reference:nessus,11112; reference:cve,2001-0680; classtype:protocol-command-decode; sid:2101992; rev:12; metadata:created_at 2010_09_23, cve CVE_2001_0680, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)
No writeups or analysis indexed.
http://osvdb.org/62999http://osvdb.org/63000http://packetstormsecurity.org/1003-exploits/parscms-sql.txthttp://secunia.com/advisories/39007http://www.securityfocus.com/archive/1/510066/100/0/threadedhttp://www.securityfocus.com/bid/38734http://osvdb.org/62999http://osvdb.org/63000http://packetstormsecurity.org/1003-exploits/parscms-sql.txthttp://secunia.com/advisories/39007http://www.securityfocus.com/archive/1/510066/100/0/threadedhttp://www.securityfocus.com/bid/38734
2010-03-23
Published