What is GHSA-m4wp-hx6h-3pvv?

GHSA-m4wp-hx6h-3pvv is a security advisory published by GitHub Security Advisories with High severity. MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated...

Which CVE IDs does GHSA-m4wp-hx6h-3pvv cover?

GHSA-m4wp-hx6h-3pvv covers the following CVE IDs: CVE-2018-25422. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-m4wp-hx6h-3pvv?

GHSA-m4wp-hx6h-3pvv has a CVSS v3 base score of 8.2, published by GitHub Security Advisories.

GHSA-m4wp-hx6h-3pvvHighCVSS 8.2

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated...

Vendor

GitHub Security Advisories

Published

May 30, 2026

Last Modified

May 30, 2026

🔗 CVE IDs covered (1)

CVE-2018-25422 →

📋 Description

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract sensitive database information including usernames and other data.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2018-25422
https://github.com/spider312/mtgas
https://www.exploit-db.com/exploits/45717
https://www.vulncheck.com/advisories/mogg-web-simulator-script-all-version-sql-injection-via-play-php
https://github.com/advisories/GHSA-m4wp-hx6h-3pvv