SQL Injection Vulnerability in Paroiciel 11.20
CVE-2018-25429

7.1 HIGH

Key Information:

Vendor

Paroiciel

Status
Vendor
CVE Published: 1 June 2026

Badges

👾 Exploit Exists

What is CVE-2018-25429?

Paroiciel 11.20 is vulnerable to SQL injection that authenticated attackers can exploit. By injecting SQL code into the zProIdPro parameter of crafted GET requests to zpro.php, an attacker can execute arbitrary SQL queries. This could lead to the extraction of sensitive database information, such as usernames and database details. Users should be aware of this vulnerability and take precautionary measures to mitigate the risk.

Affected Version(s)

Paroiciel 11.20

References

CVSS V4

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ihsan Sencan