CVE-2018-25430
Deferred Deferred - Pending Action
SQL Injection in Paroiciel 11.20 via eGeqIdEquipe Parameter

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive database information including version details and other data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2018-25430
EUVD
EUVD-2018-21951
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
paroiciel 11.20 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The SQL injection vulnerability in Paroiciel 11.20 allows attackers to extract sensitive database information, which could include personal or protected data. Such unauthorized data access can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information against unauthorized disclosure.

By enabling attackers to retrieve sensitive information through SQL injection, this vulnerability undermines the confidentiality and integrity of data, potentially resulting in non-compliance with standards that mandate strict controls over data access and protection.

Executive Summary

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter.

Attackers can send specially crafted GET requests to the egeq.php endpoint with SQL payloads to extract sensitive database information, including version details and other data.

Impact Analysis

This vulnerability can allow attackers with authentication to execute arbitrary SQL commands on the database.

As a result, attackers may extract sensitive information from the database, such as version details and other confidential data, potentially leading to data breaches or further exploitation.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious GET requests to the egeq.php endpoint that include the eGeqIdEquipe parameter with potentially malicious SQL injection payloads.

Commands to detect this may include using network traffic analysis tools or web server logs to search for unusual or crafted SQL code in the eGeqIdEquipe parameter.

  • Use grep or similar tools on web server logs to find requests to egeq.php with suspicious eGeqIdEquipe values, for example: grep 'egeq.php' access.log | grep 'eGeqIdEquipe='
  • Use network monitoring tools like tcpdump or Wireshark to capture HTTP GET requests and filter for egeq.php endpoint usage.
Mitigation Strategies

Immediate mitigation steps include restricting access to the egeq.php endpoint to only trusted authenticated users, as the vulnerability requires authentication.

Additionally, input validation and parameter sanitization should be implemented on the eGeqIdEquipe parameter to prevent SQL injection.

If possible, apply patches or updates from the vendor that address this vulnerability.

As a temporary measure, monitor and block suspicious requests targeting the egeq.php endpoint.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25430. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart