Paroiciel — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/vendors/paroiciel/Trending threats, MITRE ATT&CK coverage, and detection metadata. Fed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 01 Jun 2026 22:17:36 +0000CVE-2018-25429: Paroiciel 11.20 SQL Injection Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-06-cve-2018-25429-sql-injection/Mon, 01 Jun 2026 22:17:36 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-06-cve-2018-25429-sql-injection/Paroiciel 11.20 is vulnerable to SQL injection, allowing authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter, potentially extracting sensitive database information.Paroiciel 11.20 is susceptible to an SQL injection vulnerability (CVE-2018-25429) that allows authenticated attackers to execute arbitrary SQL queries. This vulnerability stems from the lack of proper sanitization of the zProIdPro parameter in the zpro.php script. By sending malicious SQL payloads via GET requests, attackers can extract sensitive information, including usernames, database schemas, and version details. The vulnerability was reported on 2026-06-01 and poses a significant risk to systems running the affected version of Paroiciel. Exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially compromising the confidentiality and integrity of the application and its underlying database.

Attack Chain

  1. An authenticated attacker identifies the vulnerable zpro.php endpoint.
  2. The attacker crafts a malicious SQL payload designed to extract sensitive information.
  3. The attacker injects the SQL payload into the zProIdPro parameter within a GET request to zpro.php.
  4. The server-side application fails to properly sanitize the input, passing the malicious SQL query to the database.
  5. The database executes the injected SQL query.
  6. The database returns the results of the query, which may include usernames, database schemas, or version information.
  7. The attacker captures the sensitive information from the HTTP response.
  8. The attacker uses the extracted information to further compromise the system or gain unauthorized access to other resources.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2018-25429) in Paroiciel 11.20 can lead to the disclosure of sensitive database information. This could include usernames, passwords, database schemas, and other confidential data. The CVSS v3.1 score of 7.1 reflects the high potential for confidentiality impact and the potential for limited data modification. If successfully exploited, attackers can escalate privileges or gain unauthorized access to sensitive data, leading to data breaches and reputational damage.

Recommendation

  • Deploy the Sigma rule provided to detect potential SQL injection attempts targeting the zProIdPro parameter in zpro.php.
  • Apply input validation and sanitization to the zProIdPro parameter in zpro.php to prevent SQL injection, addressing CVE-2018-25429.
  • Monitor web server logs for suspicious GET requests to zpro.php containing potentially malicious SQL payloads in the zProIdPro parameter.
]]>highadvisorysql-injectioncve-2018-25429web-application