{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/paroiciel-11.20/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25430"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Paroiciel 11.20"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25430","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eParoiciel 11.20 is susceptible to an SQL injection vulnerability identified as CVE-2018-25430. Authenticated attackers can exploit this vulnerability by injecting malicious SQL code via the eGeqIdEquipe parameter. Successful exploitation allows attackers to execute arbitrary SQL queries. The vulnerability was reported on June 1, 2026. Successful exploitation can lead to the extraction of sensitive database information, including version details and other critical data. 
This poses a significant risk to organizations using the affected software.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker authenticates to the Paroiciel 11.20 application.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload designed to extract sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a GET request to the \u003ccode\u003eegeq.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eeGeqIdEquipe\u003c/code\u003e parameter within the GET request is injected with the malicious SQL payload.\u003c/li\u003e\n\u003cli\u003eThe Paroiciel application processes the crafted GET request without proper sanitization of the \u003ccode\u003eeGeqIdEquipe\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL payload is executed against the underlying database.\u003c/li\u003e\n\u003cli\u003eSensitive information, such as database version details, is extracted by the attacker.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of the SQL injection vulnerability (CVE-2018-25430) in Paroiciel 11.20 can lead to the unauthorized disclosure of sensitive database information. This could include user credentials, configuration details, and other confidential data stored within the database. 
The CVSS v3.1 base score for this vulnerability is 7.1, indicating a high severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply available patches or upgrade to a secure version of Paroiciel to remediate CVE-2018-25430.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect CVE-2018-25430 Exploitation Attempt via eGeqIdEquipe Parameter\u0026rdquo; to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement input validation and sanitization for all user-supplied input, especially the \u003ccode\u003eeGeqIdEquipe\u003c/code\u003e parameter, to prevent SQL injection attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T22:17:49Z","date_published":"2026-06-01T22:17:49Z","id":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25430-sql-injection/","summary":"Paroiciel 11.20 contains an SQL injection vulnerability (CVE-2018-25430) that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter, potentially leading to sensitive data extraction.","title":"CVE-2018-25430: Paroiciel 11.20 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25430-sql-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.1,"id":"CVE-2018-25429"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Paroiciel 11.20"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25429","web-application"],"_cs_type":"advisory","_cs_vendors":["Paroiciel"],"content_html":"\u003cp\u003eParoiciel 11.20 is susceptible to an SQL injection vulnerability (CVE-2018-25429) that allows authenticated attackers to execute arbitrary SQL queries. This vulnerability stems from the lack of proper sanitization of the \u003ccode\u003ezProIdPro\u003c/code\u003e parameter in the \u003ccode\u003ezpro.php\u003c/code\u003e script. 
By sending malicious SQL payloads via GET requests, attackers can extract sensitive information, including usernames, database schemas, and version details. The vulnerability was reported on 2026-06-01 and poses a significant risk to systems running the affected version of Paroiciel. Exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially compromising the confidentiality and integrity of the application and its underlying database.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated attacker identifies the vulnerable \u003ccode\u003ezpro.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload designed to extract sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker injects the SQL payload into the \u003ccode\u003ezProIdPro\u003c/code\u003e parameter within a GET request to \u003ccode\u003ezpro.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe server-side application fails to properly sanitize the input, passing the malicious SQL query to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL query.\u003c/li\u003e\n\u003cli\u003eThe database returns the results of the query, which may include usernames, database schemas, or version information.\u003c/li\u003e\n\u003cli\u003eThe attacker captures the sensitive information from the HTTP response.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted information to further compromise the system or gain unauthorized access to other resources.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability (CVE-2018-25429) in Paroiciel 11.20 can lead to the disclosure of sensitive database information. This could include usernames, passwords, database schemas, and other confidential data. 
The CVSS v3.1 score of 7.1 reflects the high potential for confidentiality impact and the potential for limited data modification. If successfully exploited, attackers can escalate privileges or gain unauthorized access to sensitive data, leading to data breaches and reputational damage.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule provided to detect potential SQL injection attempts targeting the \u003ccode\u003ezProIdPro\u003c/code\u003e parameter in \u003ccode\u003ezpro.php\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003ezProIdPro\u003c/code\u003e parameter in \u003ccode\u003ezpro.php\u003c/code\u003e to prevent SQL injection, addressing CVE-2018-25429.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious GET requests to \u003ccode\u003ezpro.php\u003c/code\u003e containing potentially malicious SQL payloads in the \u003ccode\u003ezProIdPro\u003c/code\u003e parameter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T22:17:36Z","date_published":"2026-06-01T22:17:36Z","id":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25429-sql-injection/","summary":"Paroiciel 11.20 is vulnerable to SQL injection, allowing authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter, potentially extracting sensitive database information.","title":"CVE-2018-25429: Paroiciel 11.20 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25429-sql-injection/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25428"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Paroiciel 
11.20"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25428","web-application","attack.initial_access"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eParoiciel 11.20 is susceptible to an SQL injection vulnerability, as identified by CVE-2018-25428. This flaw allows unauthenticated attackers to inject malicious SQL code through the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter in HTTP GET requests sent to the \u003ccode\u003etrec.php\u003c/code\u003e endpoint. The flaw was discovered in 2026. Exploitation enables attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information, including table and column names. Given the ease of exploitation (unauthenticated access), this vulnerability presents a significant risk for systems running Paroiciel 11.20. Defenders should prioritize detection and remediation efforts to mitigate the risk of unauthorized data access and potential compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Paroiciel 11.20 instance accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003etrec.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted GET request includes the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter with an injected SQL payload designed to extract information.\u003c/li\u003e\n\u003cli\u003eThe Paroiciel application processes the request without proper sanitization of the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the Paroiciel database.\u003c/li\u003e\n\u003cli\u003eThe database returns the results of the injected SQL query, which could include table names, column names, and other sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the database 
response containing the extracted information.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the extracted data to identify further targets for exploitation or exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-25428 allows unauthenticated attackers to execute arbitrary SQL queries on the Paroiciel 11.20 database. This can lead to the extraction of sensitive information, potentially including usernames, passwords, customer data, and other confidential information stored within the database. The compromised data can then be used for further malicious activities, such as identity theft, financial fraud, or extortion. The lack of authentication required for exploitation significantly increases the risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2018-25428 Exploitation — Paroiciel SQL Injection via tRecIdListe\u003c/code\u003e to your SIEM to identify potential exploitation attempts targeting the \u003ccode\u003etrec.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for GET requests to \u003ccode\u003etrec.php\u003c/code\u003e containing suspicious characters or SQL keywords in the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter, as detailed in the rule.\u003c/li\u003e\n\u003cli\u003eConsider implementing a Web Application Firewall (WAF) rule to block requests containing SQL injection payloads in the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eApply available patches or upgrade to a secure version of Paroiciel to remediate CVE-2018-25428.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T22:17:21Z","date_published":"2026-06-01T22:17:21Z","id":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25428-sql-injection/","summary":"Paroiciel 11.20 is 
vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter via GET requests to the trec.php endpoint, enabling attackers to extract sensitive database information.","title":"CVE-2018-25428: Paroiciel 11.20 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25428-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Paroiciel 11.20","version":"https://jsonfeed.org/version/1.1"}