CVE-2010-1054 Information

Description

Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.

Reference

http://osvdb.org/62999 http://osvdb.org/63000 http://packetstormsecurity.org/1003-exploits/parscms-sql.txt http://secunia.com/advisories/39007 http://www.securityfocus.com/archive/1/510066/100/0/threaded http://www.securityfocus.com/bid/38734