Search criteria
2 vulnerabilities found for MOGG web simulator Script by spider312
CVE-2018-25422 (GCVE-0-2018-25422)
Vulnerability from nvd – Published: 2026-05-30 14:55 – Updated: 2026-05-30 14:55
VLAI
Title
MOGG web simulator Script All Version SQL Injection via play.php
Summary
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45717 | exploit |
| https://github.com/spider312/mtgas | product |
| https://www.vulncheck.com/advisories/mogg-web-sim… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| spider312 | MOGG web simulator Script |
Affected:
-
|
Date Public
2018-10-29 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "MOGG web simulator Script",
"vendor": "spider312",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Meisam Monsef - meisamrce@gmail.com - @meisamrce -"
}
],
"datePublic": "2018-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:26.042Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45717",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45717"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://github.com/spider312/mtgas"
},
{
"name": "VulnCheck Advisory: MOGG web simulator Script All Version SQL Injection via play.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mogg-web-simulator-script-all-version-sql-injection-via-play-php"
}
],
"title": "MOGG web simulator Script All Version SQL Injection via play.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25422",
"datePublished": "2026-05-30T14:55:26.042Z",
"dateReserved": "2026-05-30T13:03:26.740Z",
"dateUpdated": "2026-05-30T14:55:26.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25422 (GCVE-0-2018-25422)
Vulnerability from cvelistv5 – Published: 2026-05-30 14:55 – Updated: 2026-05-30 14:55
VLAI
Title
MOGG web simulator Script All Version SQL Injection via play.php
Summary
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data.
Severity
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45717 | exploit |
| https://github.com/spider312/mtgas | product |
| https://www.vulncheck.com/advisories/mogg-web-sim… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| spider312 | MOGG web simulator Script |
Affected:
-
|
Date Public
2018-10-29 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "MOGG web simulator Script",
"vendor": "spider312",
"versions": [
{
"status": "affected",
"version": "-"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Meisam Monsef - meisamrce@gmail.com - @meisamrce -"
}
],
"datePublic": "2018-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T14:55:26.042Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45717",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45717"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://github.com/spider312/mtgas"
},
{
"name": "VulnCheck Advisory: MOGG web simulator Script All Version SQL Injection via play.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mogg-web-simulator-script-all-version-sql-injection-via-play-php"
}
],
"title": "MOGG web simulator Script All Version SQL Injection via play.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25422",
"datePublished": "2026-05-30T14:55:26.042Z",
"dateReserved": "2026-05-30T13:03:26.740Z",
"dateUpdated": "2026-05-30T14:55:26.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}