CVE-2018-25428EPSS p25.8%

CVE-2018-25428CVE-2018-25428

Description

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database information including table and column names.

Scoring

CVSS 8.2 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
EPSS0.34% probability of exploitation · percentile 25.8% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2018-25430
CVE
CVE-2018-25429
CVE
CVE-2018-25413
CVE
CVE-2018-25420
CVE
CVE-2018-25418
CVE
CVE-2018-25425
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.