Skip to content
Threat Feed
high advisory

CVE-2018-25429: Paroiciel 11.20 SQL Injection Vulnerability

Paroiciel 11.20 is vulnerable to SQL injection, allowing authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter, potentially extracting sensitive database information.

Paroiciel 11.20 is susceptible to an SQL injection vulnerability (CVE-2018-25429) that allows authenticated attackers to execute arbitrary SQL queries. This vulnerability stems from the lack of proper sanitization of the zProIdPro parameter in the zpro.php script. By sending malicious SQL payloads via GET requests, attackers can extract sensitive information, including usernames, database schemas, and version details. The vulnerability was reported on 2026-06-01 and poses a significant risk to systems running the affected version of Paroiciel. Exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially compromising the confidentiality and integrity of the application and its underlying database.

Attack Chain

  1. An authenticated attacker identifies the vulnerable zpro.php endpoint.
  2. The attacker crafts a malicious SQL payload designed to extract sensitive information.
  3. The attacker injects the SQL payload into the zProIdPro parameter within a GET request to zpro.php.
  4. The server-side application fails to properly sanitize the input, passing the malicious SQL query to the database.
  5. The database executes the injected SQL query.
  6. The database returns the results of the query, which may include usernames, database schemas, or version information.
  7. The attacker captures the sensitive information from the HTTP response.
  8. The attacker uses the extracted information to further compromise the system or gain unauthorized access to other resources.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2018-25429) in Paroiciel 11.20 can lead to the disclosure of sensitive database information. This could include usernames, passwords, database schemas, and other confidential data. The CVSS v3.1 score of 7.1 reflects the high potential for confidentiality impact and the potential for limited data modification. If successfully exploited, attackers can escalate privileges or gain unauthorized access to sensitive data, leading to data breaches and reputational damage.

Recommendation

  • Deploy the Sigma rule provided to detect potential SQL injection attempts targeting the zProIdPro parameter in zpro.php.
  • Apply input validation and sanitization to the zProIdPro parameter in zpro.php to prevent SQL injection, addressing CVE-2018-25429.
  • Monitor web server logs for suspicious GET requests to zpro.php containing potentially malicious SQL payloads in the zProIdPro parameter.

Detection coverage 2

Detect CVE-2018-25429 Exploitation — SQL Injection via zProIdPro Parameter

high

Detects CVE-2018-25429 exploitation — SQL injection attempts in Paroiciel 11.20 through the zProIdPro parameter

sigma tactics: initial_access techniques: T1190 sources: webserver

Detect Suspicious Characters in zProIdPro Parameter

medium

Detects the presence of common SQL injection characters in the zProIdPro parameter of zpro.php

sigma tactics: initial_access techniques: T1190 sources: webserver

Detection queries are available on the platform. Get full rules →