CVE-2010-4989

Ziggurat Farsi CMS - SQL Injection via main.asp grp Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4989. PoCs published by Arash Saadatfar.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in Ziggurat Farsi CMS. It provides the vulnerable file path and parameter but lacks executable exploit code.

Description

SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.

Exploits (1)

exploitdb WRITEUP
by Arash Saadatfar · textwebappsasp
https://www.exploit-db.com/exploits/14192

This is a writeup describing a SQL injection vulnerability in Ziggurat Farsi CMS. It provides the vulnerable file path and parameter but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Ziggurat Farsi CMS
No auth needed
Prerequisites: Access to the vulnerable web application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60065
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14192
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1688

Scores

EPSS 0.0100
EPSS Percentile 59.0%

Details

CWE
CWE-89
Status published
Products (1)
farsi-cms/ziggurat_farsi_cms
Published Nov 01, 2011
Tracked Since Feb 18, 2026