HIGH
spider312
CVE published 2026-05-30
CVE-2018-25422
CVE-2018-25422 documents an unauthenticated SQL injection vulnerability in the MOGG web simulator Script. The flaw resides in the id parameter of play.php, where attacker-controlled input is incorporated directly into SQL queries without adequate sanitization or parameterization. Successful exploitation allows remote, unauthenticated attackers to execute arbitrary SQL commands, potentially extracting sens [truncated]