Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2018-25422: MOGG web simulator SQL Injection: Unauthenticated Access to Database
CVE-2018-25422
Summary
The MOGG web simulator is vulnerable to SQL injection attacks. This means that attackers can access sensitive information in the database, such as usernames, without needing a password. To protect against this, update the MOGG web simulator to fix the SQL injection issue or restrict access to the id parameter.
Original title
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attac...
Original description
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 30 May 2026 · Updated: 1 Jun 2026 · First seen: 30 May 2026