CVE-2018-25429
Published: 01 June 2026
Summary
CVE-2018-25429 is a high-severity SQL Injection (CWE-89) vulnerability in Sourceforge (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, ranked at the 18.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-21950
Vulnerability details
Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to…
more
extract sensitive database information including usernames, databases, and version details.
- CWE(s)
Related Threats
CVEs Like This One
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.