EUVD-2018-21950

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

EUVD-2018-21949

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

EUVD-2018-21951

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25429

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25428

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVE-2018-25429

Paroiciel 11.20 contains an SQL injection in zpro.php via the zProIdPro parameter, exploitable by authenticated users to run arbitrary SQL and exfiltrate sensitive DB info (usernames, databases, version). CVSS 4.0/3.1 base scores are HIGH (7.1) with NETWORK attack vector and LOW privileges requir...

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability in the egeq.php endpoint, exploitable by an authenticated user via the egeqIdEquipe parameter in GET requests to execute arbitrary SQL and extract sensitive database information (including version details). This aligns with the CVSS metrics ...

CVE-2018-25430 Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25430 Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

CVE-2018-25428 Paroiciel 11.20 SQL Injection via tRecIdListe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVE-2018-25428

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2018-25428 Paroiciel 11.20 SQL Injection via tRecIdListe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

Paraiciel SQL injection vulnerability

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the tRecIdListe parameter, which allows for SQL injections. This could enable unauthenticated attackers ...

PT-2026-45620

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

Paraiciel SQL injection vulnerability

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the eGeqIdEquipe parameter, which allows for SQL injections. This could enable authenticated attackers t...

Paraiciel SQL injection vulnerability

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the zProIdPro parameter, which allows for SQL injections. This could enable authenticated attackers to...

Paroiciel 11.20 - tRecIdListe SQL Injection

Paroiciel 11.20 - tRecIdListe SQL Injection Exploit Title: Paroiciel 11.20 - 'tRecIdListe' SQL Injection Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.paroiciel.com/ Software Link:...