Paroiciel SQL Injection Vulnerability in eGeqIdEquipe Parameter

Vulnerability

A SQL injection vulnerability has been identified in Paroiciel version 11.20. This vulnerability allows authenticated attackers to execute arbitrary SQL queries by injecting malicious payloads through the eGeqIdEquipe parameter. Exploitation involves sending crafted GET requests to the egeq.php endpoint, which can lead to the extraction of sensitive database information, including version details and other data.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could be used to manipulate the database or extract sensitive information.

Reproduction

To reproduce this vulnerability, send a GET request to the egeq.php endpoint with the eGeqIdEquipe parameter. Inject a crafted SQL payload that exploits the application's SQL query handling. The server response should indicate successful exploitation, such as returning database information or application data that should not be accessible.
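The following is an added detection example, not part of this advisory or of Paroiciel itself: a Python check that parses web-server access-log lines for requests to egeq.php and reports any eGeqIdEquipe value that is not a plain integer once percent-encoding has been undone. It assumes the parameter is meant to carry a numeric team id (inferred from its name), that the logs are in Apache combined format, and the sample lines below are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (Apache "combined" format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - alice [01/Jun/2026:22:58:01 +0000] "GET /egeq.php?eGeqIdEquipe=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - bob [01/Jun/2026:22:58:07 +0000] "GET /egeq.php?eGeqIdEquipe=42%27 HTTP/1.1" 500 318 "-" "curl/8.5"
10.0.0.9 - bob [01/Jun/2026:22:58:09 +0000] "GET /egeq.php?eGeqIdEquipe=42%2520x HTTP/1.1" 200 7331 "-" "curl/8.5"
10.0.0.7 - carol [01/Jun/2026:22:58:12 +0000] "GET /index.php?page=1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Fields needed from each line: client IP, authenticated user, request target, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
ENDPOINT = "/egeq.php"
PARAM = "eGeqIdEquipe"
# Allow-list: the id is assumed to be a plain positive integer (assumption from its name).
INT_RE = re.compile(r"^\d{1,10}$")


def normalise(value):
    """Undo any remaining layers of percent-encoding so encoding cannot hide a non-digit."""
    while "%" in value:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(log_text):
    """Return (ip, user, status, decoded_value) for egeq.php requests whose id is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if url.path != ENDPOINT:
            continue
        # keep_blank_values so an empty eGeqIdEquipe is still inspected
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = normalise(raw)
            if not INT_RE.match(value):
                hits.append((m.group("ip"), m.group("user"), m.group("status"), value))
    return hits
```

Calling `suspicious_values(SAMPLE_LOG)` returns the two curl requests from 10.0.0.9, whose ids decode to `42'` and `42 x`, while the plain `42` and the unrelated index.php request are ignored.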

Added: Jun 1, 2026, 11:07 PM
Updated: Jun 1, 2026, 11:07 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 9.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.