{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2018-25428/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25428"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Paroiciel 11.20"],"_cs_severities":["high"],"_cs_tags":["sql-injection","cve-2018-25428","web-application","attack.initial_access"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eParoiciel 11.20 is susceptible to an SQL injection vulnerability, as identified by CVE-2018-25428. This flaw allows unauthenticated attackers to inject malicious SQL code through the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter in HTTP GET requests sent to the \u003ccode\u003etrec.php\u003c/code\u003e endpoint. Discovered in 2026, exploitation enables attackers to execute arbitrary SQL queries, potentially leading to the extraction of sensitive database information, including table and column names. Given the ease of exploitation (unauthenticated access), this vulnerability presents a significant risk for systems running Paroiciel 11.20. Defenders should prioritize detection and remediation efforts to mitigate the risk of unauthorized data access and potential compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a Paroiciel 11.20 instance accessible over the network.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003etrec.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe crafted GET request includes the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter with an injected SQL payload designed to extract information.\u003c/li\u003e\n\u003cli\u003eThe Paroiciel application processes the request without proper sanitization of the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the Paroiciel database.\u003c/li\u003e\n\u003cli\u003eThe database returns the results of the injected SQL query, which could include table names, column names, and other sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker receives the database response containing the extracted information.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the extracted data to identify further targets for exploitation or exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2018-25428 allows unauthenticated attackers to execute arbitrary SQL queries on the Paroiciel 11.20 database. This can lead to the extraction of sensitive information, potentially including usernames, passwords, customer data, and other confidential information stored within the database. The compromised data can then be used for further malicious activities, such as identity theft, financial fraud, or extortion. The lack of authentication required for exploitation significantly increases the risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect CVE-2018-25428 Exploitation — Paroiciel SQL Injection via tRecIdListe\u003c/code\u003e to your SIEM to identify potential exploitation attempts targeting the \u003ccode\u003etrec.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for GET requests to \u003ccode\u003etrec.php\u003c/code\u003e containing suspicious characters or SQL keywords in the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter, as detailed in the rule.\u003c/li\u003e\n\u003cli\u003eConsider implementing a Web Application Firewall (WAF) rule to block requests containing SQL injection payloads in the \u003ccode\u003etRecIdListe\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eApply available patches or upgrade to a secure version of Paroiciel to remediate CVE-2018-25428.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-06-01T22:17:21Z","date_published":"2026-06-01T22:17:21Z","id":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25428-sql-injection/","summary":"Paroiciel 11.20 is vulnerable to SQL injection, allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter via GET requests to the trec.php endpoint, enabling attackers to extract sensitive database information.","title":"CVE-2018-25428: Paroiciel 11.20 SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-06-cve-2018-25428-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2018-25428","version":"https://jsonfeed.org/version/1.1"}