high advisory

CVE-2018-25430: Paroiciel 11.20 SQL Injection Vulnerability

Paroiciel 11.20 contains an SQL injection vulnerability (CVE-2018-25430) that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter, potentially leading to sensitive data extraction.

Paroiciel 11.20 is susceptible to an SQL injection vulnerability identified as CVE-2018-25430. Authenticated attackers can exploit it by injecting SQL code via the eGeqIdEquipe parameter, which lets them execute arbitrary SQL queries. The vulnerability was reported on June 1, 2026. Successful exploitation can lead to the extraction of sensitive database information, including version details and other critical data, which poses a significant risk to organizations using the affected software.

Attack Chain

  1. The attacker authenticates to the Paroiciel 11.20 application.
  2. The attacker crafts a malicious SQL payload designed to extract sensitive data.
  3. The attacker sends a GET request to the egeq.php endpoint.
  4. The eGeqIdEquipe parameter within the GET request is injected with the malicious SQL payload.
  5. The Paroiciel application processes the crafted GET request without proper sanitization of the eGeqIdEquipe parameter.
  6. The injected SQL payload is executed against the underlying database.
  7. Sensitive information, such as database version details, is extracted by the attacker.

Impact

Successful exploitation of the SQL injection vulnerability (CVE-2018-25430) in Paroiciel 11.20 can lead to the unauthorized disclosure of sensitive database information. This could include user credentials, configuration details, and other confidential data stored within the database. The CVSS v3.1 base score for this vulnerability is 7.1, indicating a high severity.

Recommendation

  • Apply available patches or upgrade to a secure version of Paroiciel to remediate CVE-2018-25430.
  • Deploy the Sigma rule “Detect CVE-2018-25430 Exploitation Attempt via eGeqIdEquipe Parameter” to identify potential exploitation attempts.
  • Implement input validation and sanitization for all user-supplied input, especially the eGeqIdEquipe parameter, to prevent SQL injection attacks.

Detection coverage (2 rules)

Detect CVE-2018-25430 Exploitation Attempt via eGeqIdEquipe Parameter

high

Detects CVE-2018-25430 exploitation — HTTP GET request to egeq.php with potential SQL injection attempt in eGeqIdEquipe parameter.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver

Detect CVE-2018-25430 Exploitation - SQL Error Responses

medium

Detects CVE-2018-25430 exploitation: monitors web server logs for SQL error responses after a request to egeq.php, which indicate potential exploitation attempts.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver
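
The request-side check described by the first rule can be sketched as a scan over web server access logs. The Python below is an added example, not the platform's Sigma rule or code from the advisory. It assumes Combined Log Format logs and that eGeqIdEquipe normally carries a numeric ID; the function names, the /egeq.php path and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of a Combined Log Format line: "METHOD target PROTO" status
REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Assumption: eGeqIdEquipe is a numeric ID, so any other value is suspicious.
NUMERIC_RE = re.compile(r"\d+")
# SQL metacharacters and keywords that raise a non-numeric value to "high".
SQLI_RE = re.compile(
    r"['\";]|--|/\*|\b(union|select|sleep|benchmark|or|and)\b", re.I)


def inspect_line(line):
    """Return a finding for a suspicious GET to egeq.php, else None."""
    m = REQUEST_RE.search(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/egeq.php"):
        return None
    # parse_qs URL-decodes values, so %27 and %20 are normalised before matching.
    values = parse_qs(url.query, keep_blank_values=True).get("eGeqIdEquipe", [])
    for value in values:
        if NUMERIC_RE.fullmatch(value):
            continue
        severity = "high" if SQLI_RE.search(value) else "medium"
        return {"severity": severity, "value": value, "status": int(m["status"])}
    return None


def scan(lines):
    """Return (line_number, finding) pairs for every flagged line."""
    hits = ((n, inspect_line(line)) for n, line in enumerate(lines, 1))
    return [(n, f) for n, f in hits if f is not None]


# Constructed sample log lines (documentation IP range, hypothetical users).
SAMPLE_LOG = [
    '192.0.2.10 - alice [10/Oct/2024:10:00:01 +0000] "GET /egeq.php?eGeqIdEquipe=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - bob [10/Oct/2024:10:02:17 +0000] "GET /egeq.php?eGeqIdEquipe=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 312',
    '192.0.2.44 - bob [10/Oct/2024:10:02:40 +0000] "GET /egeq.php?eGeqIdEquipe=abc HTTP/1.1" 200 4800',
    '192.0.2.10 - alice [10/Oct/2024:10:03:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(lineno, finding)
```

Each finding carries the HTTP status, so a flagged request that also returned a 5xx response can be prioritised, which is the signal the second rule looks for.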
