6 matches found
CVE-2018-25429
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...
CVE-2018-25429
Paroiciel 11.20 contains an SQL injection in zpro.php via the zProIdPro parameter, exploitable by authenticated users to run arbitrary SQL and exfiltrate sensitive DB info (usernames, databases, version). CVSS 4.0/3.1 base scores are HIGH (7.1) with NETWORK attack vector and LOW privileges requir...
CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...
CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...
Paraiciel SQL injection vulnerability
Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the zProIdPro parameter, which allows for SQL injections. This could enable authenticated attackers to...
Paroiciel 11.20 SQL Injection
Exploit Title: Paroiciel 11.20 - 'tRecIdListe' SQL Injection Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.paroiciel.com/ Software Link: https://datapacket.dl.sourceforge.net/project/paroiciel/version%2011/par6lus1120160225.exe Version: 11.20 Category: Webap...