CVE-2018-25430: SQL Injection in Paroiciel 11.20 egeq.php – High Risk Vulnerability Guide
Paroiciel version 11.20 contains a SQL injection flaw in its egeq.php endpoint. Authenticated users can craft malicious requests that embed SQL commands into the eGeqIdEquipe parameter, allowing them to query the underlying database directly. This bypasses normal access controls and could expose sensitive information such as database version details and other stored data. The vulnerability requires valid login credentials, so it represents an insider threat or compromised-account scenario.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 7.1 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
- Weaknesses (CWE)
- CWE-89
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-06-01 / 2026-06-17
NVD description (verbatim)
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive database information including version details and other data.
4 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2018-25430 is a server-side SQL injection vulnerability affecting Paroiciel 11.20. The flaw exists in the egeq.php script, specifically in how the eGeqIdEquipe parameter is processed. The application fails to properly sanitize or parameterize this input before incorporating it into SQL queries. An authenticated attacker can craft GET requests containing malicious SQL syntax—such as UNION SELECT statements or comment sequences—to execute arbitrary queries against the application's database backend. The vulnerability maps to CWE-89 (Improper Neutralization of Special Elements used in an SQL Command). While authentication is required, the attack surface remains significant in multi-user environments or where account compromise is plausible.
Business impact
SQL injection in authenticated workflows undermines data confidentiality and can lead to unauthorized information disclosure. An attacker with valid credentials—whether a disgruntled employee, a compromised contractor account, or a threat actor using stolen credentials—can extract sensitive customer data, intellectual property, internal records, or system configuration details. Database version and schema information disclosed via the vulnerability aids further reconnaissance. In regulated industries, such breaches trigger notification and remediation obligations, damage to customer trust, and potential compliance violations.
Affected systems
This vulnerability specifically affects Paroiciel version 11.20. Organizations running this version with the egeq.php endpoint accessible should prioritize assessment. The vendors_products field in the source data is empty, suggesting limited public documentation of deployment scope; verify your inventory against your Paroiciel installations. If you operate earlier or later versions of Paroiciel, consult vendor advisories to determine if they are affected.
Exploitability
Exploitability is moderate in practical terms. The flaw requires valid authentication, which limits opportunistic attacks but does not eliminate risk—compromised or insider accounts are common attack vectors. Once authenticated, no additional complexity is needed; a simple HTTP GET request with a malicious SQL payload will trigger the injection. Automated scanning tools and manual testing can easily confirm the presence of this vulnerability. Public proof-of-concept code or scanning signatures may exist, lowering the barrier for less-skilled attackers.
Remediation
Upgrade Paroiciel to a patched version released after this vulnerability was identified. Contact the vendor to obtain the specific version number and patch guidance applicable to your deployment. If an immediate patch is unavailable, implement input validation by whitelist (accepting only expected values for eGeqIdEquipe), use parameterized queries or prepared statements in the egeq.php code, and enforce principle of least privilege on database accounts used by the application. Monitor database activity logs for suspicious query patterns indicative of injection attempts.
Patch guidance
The vendor should have released patches after the vulnerability disclosure on 2026-06-01 and the last modification date of 2026-06-17. Check the official Paroiciel vendor website or your support portal for available updates. When patching becomes available, test it in a non-production environment first to confirm it resolves the SQL injection without breaking legitimate application functionality. Update your documentation to reflect the new version once deployed. Verify the patch by re-testing the eGeqIdEquipe parameter with known SQL injection payloads.
Detection guidance
Monitor HTTP request logs for GET requests to egeq.php containing suspicious characters or SQL syntax in the eGeqIdEquipe parameter, such as single quotes, semicolons, UNION, SELECT, OR, and comment sequences (--,%23). Enable database query logging to detect anomalous queries, such as unexpected UNION-based statements or SELECT operations outside normal workflow patterns. Use Web Application Firewall (WAF) rules to block requests matching common SQL injection patterns. Conduct code review and static application security testing (SAST) on the egeq.php file and related query-building logic.
Why prioritize this
Although this vulnerability is not yet listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, its HIGH CVSS score of 7.1, coupled with authenticated SQL injection in a production web application, merits prompt attention. The combination of high confidentiality impact, network accessibility, and straightforward exploitability makes it a priority for inventory, patching, and compensating controls. Organizations with Paroiciel 11.20 in use should treat this as a near-term remediation target, particularly if the affected endpoint is accessible to multiple internal users or if user accounts are frequently shared or compromised.
Risk score, explained
The CVSS v3.1 score of 7.1 (HIGH) reflects: Attack Vector = Network (accessible remotely), Attack Complexity = Low (no special conditions needed once authenticated), Privileges Required = Low (authentication is required but not admin-level access), User Interaction = None (the attack is automatic), Scope = Unchanged (impact is limited to the affected component), Confidentiality = High (sensitive data can be extracted), Integrity = Low (the attacker can modify data but the vulnerability primarily enables reads), and Availability = None (the flaw does not directly cause denial of service). This scoring appropriately emphasizes the information disclosure risk while acknowledging the authentication prerequisite.
Frequently asked questions
Is my system affected if I'm not actively using the egeq.php endpoint?
Even if egeq.php is not part of your normal workflow, it still exists in your codebase and is exploitable if an authenticated user accesses it directly. Attackers may discover and exploit endpoints that appear unused. Best practice is to patch regardless of perceived usage patterns, or disable the endpoint via access controls if it is not required.
Does this vulnerability allow database deletion or modification?
The CVSS vector shows Integrity = Low, meaning the vulnerability can modify data, but the primary risk is confidentiality—reading sensitive information. The SQL injection itself permits both data exfiltration and modification depending on the attacker's SQL commands. However, the vulnerability does not directly enable denial of service or destruction of the entire database.
If we've restricted egeq.php to a specific IP range, are we protected?
Network-level restrictions reduce exposure, but do not eliminate it. An attacker with a compromised internal account or access to that IP range can still exploit the flaw. Input validation and parameterized queries are necessary for robust protection. Use network controls as a compensating measure while working toward patching.
How can we confirm if an attacker has already exploited this in our environment?
Review database query logs for unusual SELECT or UNION-based statements executed by the Paroiciel application user account around the vulnerability publication date (2026-06-01) and afterward. Check web server access logs for GET requests to egeq.php with suspicious parameter values. Conduct a forensic audit of database change logs for unauthorized modifications, and review exported data for signs of exfiltration. Consider engaging incident response specialists if you identify suspicious activity.
This analysis is provided for informational purposes and reflects publicly disclosed vulnerability information as of the stated publication and modification dates. The vendor_products field in the source data was empty; organizations must independently verify their Paroiciel inventory and installed versions. Patch version numbers and specific vendor guidance should be confirmed directly with Paroiciel's official advisories and release notes. This content does not constitute professional security advice; consult qualified security professionals for assessment of your specific environment. No exploit code is provided herein. Organizations are responsible for testing patches in non-production environments before deployment to production systems. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Weaknesses (CWE)
Related vulnerabilities
- CVE-2018-25382HIGHZechat 1.5 SQL Injection Vulnerability – Unauthenticated Database Access
- CVE-2018-25385HIGHUnauthenticated SQL Injection in E-Registrasi Pencak Silat 18.10
- CVE-2018-25386HIGHSQL Injection in HaPe PKH 1.1 Admin Interface
- CVE-2018-25389HIGHSQL Injection in HaPe PKH 1.1 Database Extraction
- CVE-2018-25390HIGHUnauthenticated SQL Injection in HaPe PKH 1.1
- CVE-2018-25392HIGHSQL Injection in MaxOn ERP Software 8.x-9.x
- CVE-2018-25394HIGHSQL Injection in Kados R10 GreenBee Unauthenticated Remote Database Access
- CVE-2018-25395HIGHKados R10 GreenBee SQL Injection Vulnerability – Unauthenticated Database Access