https://feed.craftedsignal.io/products/paroiciel-11.20/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 01 Jun 2026 22:17:49 +0000https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25430-sql-injection/Mon, 01 Jun 2026 22:17:49 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-06-cve-2018-25430-sql-injection/Paroiciel 11.20 contains an SQL injection vulnerability (CVE-2018-25430) that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter, potentially leading to sensitive data extraction.Paroiciel 11.20 is susceptible to an SQL injection vulnerability identified as CVE-2018-25430. Authenticated attackers can exploit this vulnerability by injecting malicious SQL code via the eGeqIdEquipe parameter. Successful exploitation allows attackers to execute arbitrary SQL queries. The vulnerability was reported on June 1, 2026. Successful exploitation can lead to the extraction of sensitive database information, including version details and other critical data. This poses a significant risk to organizations using the affected software.

Attack Chain

1. The attacker authenticates to the Paroiciel 11.20 application.
2. The attacker crafts a malicious SQL payload designed to extract sensitive data.
3. The attacker sends a GET request to the egeq.php endpoint.
4. The eGeqIdEquipe parameter within the GET request is injected with the malicious SQL payload.
5. The Paroiciel application processes the crafted GET request without proper sanitization of the eGeqIdEquipe parameter.
6. The injected SQL payload is executed against the underlying database.
7. Sensitive information, such as database version details, is extracted by the attacker.

Impact

Successful exploitation of the SQL injection vulnerability (CVE-2018-25430) in Paroiciel 11.20 can lead to the unauthorized disclosure of sensitive database information. This could include user credentials, configuration details, and other confidential data stored within the database. The CVSS v3.1 base score for this vulnerability is 7.1, indicating a high severity.

Recommendation

• Apply available patches or upgrade to a secure version of Paroiciel to remediate CVE-2018-25430.
• Deploy the Sigma rule “Detect CVE-2018-25430 Exploitation Attempt via eGeqIdEquipe Parameter” to identify potential exploitation attempts.
• Implement input validation and sanitization for all user-supplied input, especially the eGeqIdEquipe parameter, to prevent SQL injection attacks.

]]>highadvisorysql-injectioncve-2018-25430web-applicationhttps://feed.craftedsignal.io/briefs/2026-06-cve-2018-25429-sql-injection/Mon, 01 Jun 2026 22:17:36 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-06-cve-2018-25429-sql-injection/Paroiciel 11.20 is vulnerable to SQL injection, allowing authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter, potentially extracting sensitive database information.Paroiciel 11.20 is susceptible to an SQL injection vulnerability (CVE-2018-25429) that allows authenticated attackers to execute arbitrary SQL queries. This vulnerability stems from the lack of proper sanitization of the zProIdPro parameter in the zpro.php script. By sending malicious SQL payloads via GET requests, attackers can extract sensitive information, including usernames, database schemas, and version details. The vulnerability was reported on 2026-06-01 and poses a significant risk to systems running the affected version of Paroiciel. Exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially compromising the confidentiality and integrity of the application and its underlying database.

Attack Chain

1. An authenticated attacker identifies the vulnerable zpro.php endpoint.
2. The attacker crafts a malicious SQL payload designed to extract sensitive information.
3. The attacker injects the SQL payload into the zProIdPro parameter within a GET request to zpro.php.
4. The server-side application fails to properly sanitize the input, passing the malicious SQL query to the database.
5. The database executes the injected SQL query.
6. The database returns the results of the query, which may include usernames, database schemas, or version information.
7. The attacker captures the sensitive information from the HTTP response.
8. The attacker uses the extracted information to further compromise the system or gain unauthorized access to other resources.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2018-25429) in Paroiciel 11.20 can lead to the disclosure of sensitive database information. This could include usernames, passwords, database schemas, and other confidential data. The CVSS v3.1 score of 7.1 reflects the high potential for confidentiality impact and the potential for limited data modification. If successfully exploited, attackers can escalate privileges or gain unauthorized access to sensitive data, leading to data breaches and reputational damage.

Recommendation

• Deploy the Sigma rule provided to detect potential SQL injection attempts targeting the zProIdPro parameter in zpro.php.
• Apply input validation and sanitization to the zProIdPro parameter in zpro.php to prevent SQL injection, addressing CVE-2018-25429.
• Monitor web server logs for suspicious GET requests to zpro.php containing potentially malicious SQL payloads in the zProIdPro parameter.

]]>highadvisorysql-injectioncve-2018-25429web-applicationhttps://feed.craftedsignal.io/briefs/2026-06-cve-2018-25428-sql-injection/Mon, 01 Jun 2026 22:17:21 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-06-cve-2018-25428-sql-injection/Paroiciel 11.20 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter via GET requests to the trec.php endpoint, enabling attackers to extract sensitive database information.Paroiciel 11.20 is susceptible to an SQL injection vulnerability, as identified by CVE-2018-25428. This flaw allows unauthenticated attackers to inject malicious SQL code through the tRecIdListe parameter in HTTP GET requests sent to the trec.php endpoint. Discovered in 2026, exploitation enables attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information, including table and column names. Given the ease of exploitation (unauthenticated access), this vulnerability presents a significant risk for systems running Paroiciel 11.20. Defenders should prioritize detection and remediation efforts to mitigate the risk of unauthorized data access and potential compromise.

Attack Chain

1. The attacker identifies a Paroiciel 11.20 instance accessible over the network.
2. The attacker crafts a malicious HTTP GET request targeting the trec.php endpoint.
3. The crafted GET request includes the tRecIdListe parameter with an injected SQL payload designed to extract information.
4. The Paroiciel application processes the request without proper sanitization of the tRecIdListe parameter.
5. The injected SQL code is executed against the Paroiciel database.
6. The database returns the results of the injected SQL query, which could include table names, column names, and other sensitive data.
7. The attacker receives the database response containing the extracted information.
8. The attacker analyzes the extracted data to identify further targets for exploitation or exfiltration.

Impact

Successful exploitation of CVE-2018-25428 allows unauthenticated attackers to execute arbitrary SQL queries on the Paroiciel 11.20 database. This can lead to the extraction of sensitive information, potentially including usernames, passwords, customer data, and other confidential information stored within the database. The compromised data can then be used for further malicious activities, such as identity theft, financial fraud, or extortion. The lack of authentication required for exploitation significantly increases the risk.

Recommendation

• Deploy the Sigma rule Detect CVE-2018-25428 Exploitation — Paroiciel SQL Injection via tRecIdListe to your SIEM to identify potential exploitation attempts targeting the trec.php endpoint.
• Inspect web server logs for GET requests to trec.php containing suspicious characters or SQL keywords in the tRecIdListe parameter, as detailed in the rule.
• Consider implementing a Web Application Firewall (WAF) rule to block requests containing SQL injection payloads in the tRecIdListe parameter.
• Apply available patches or upgrade to a secure version of Paroiciel to remediate CVE-2018-25428.

]]>highadvisorysql-injectioncve-2018-25428web-applicationattack.initial_access