CVE-2018-25428

Name of the Vulnerable Software and Affected Versions Paroiciel version 11.20

Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code through the tRecIdListe parameter via GET requests to the 'trec.php' endpoint, enabling the extraction of database information such as table and column names.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.