{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/mogg-web-simulator-script/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2018-25422"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["MOGG web simulator Script"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eMOGG web simulator Script is susceptible to an SQL injection vulnerability (CVE-2018-25422). Unauthenticated attackers can exploit this flaw by injecting malicious SQL code through the \u003ccode\u003eid\u003c/code\u003e parameter in the \u003ccode\u003eplay.php\u003c/code\u003e script. Successful exploitation allows attackers to execute arbitrary SQL commands, potentially enabling them to extract sensitive database information, including usernames and other confidential data. The vulnerability poses a significant risk as it requires no authentication, making it easily exploitable by remote attackers. This vulnerability was reported on 2026-05-30.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies the vulnerable \u003ccode\u003eplay.php\u003c/code\u003e script within the MOGG web simulator.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious SQL payload designed to extract data or manipulate the database.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a GET request to \u003ccode\u003eplay.php\u003c/code\u003e, embedding the SQL payload in the \u003ccode\u003eid\u003c/code\u003e parameter (e.g., \u003ccode\u003eplay.php?id=1'+UNION+SELECT+username,password+FROM+users--\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe web application fails to properly sanitize the input from the \u003ccode\u003eid\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe application executes the attacker\u0026rsquo;s injected SQL code against the database.\u003c/li\u003e\n\u003cli\u003eThe database processes the malicious query and returns the requested sensitive information.\u003c/li\u003e\n\u003cli\u003eThe attacker captures the database response containing the extracted data (e.g., usernames, passwords).\u003c/li\u003e\n\u003cli\u003eThe attacker uses the extracted data for further malicious activities, such as unauthorized access or data breaches.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to the exposure of sensitive data, including usernames, passwords, and potentially other confidential information stored in the database. An attacker could leverage this access to compromise user accounts, gain unauthorized access to the system, or perform further malicious activities. Given the unauthenticated nature of the vulnerability, the risk is significantly elevated, potentially impacting all users of the MOGG web simulator Script.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization to the \u003ccode\u003eid\u003c/code\u003e parameter in \u003ccode\u003eplay.php\u003c/code\u003e to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect MOGG Web Simulator SQL Injection Attempt\u003c/code\u003e to identify and block malicious requests targeting the vulnerable \u003ccode\u003eplay.php\u003c/code\u003e script.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious GET requests to \u003ccode\u003eplay.php\u003c/code\u003e containing SQL injection payloads.\u003c/li\u003e\n\u003cli\u003eConsider using parameterized queries or prepared statements to prevent SQL injection vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-30T16:21:12Z","date_published":"2026-05-30T16:21:12Z","id":"https://feed.craftedsignal.io/briefs/2026-05-mogg-sql-injection/","summary":"MOGG web simulator Script is vulnerable to SQL injection (CVE-2018-25422), allowing unauthenticated attackers to execute arbitrary SQL commands via the id parameter in play.php, potentially leading to sensitive data extraction.","title":"MOGG web simulator Script SQL Injection Vulnerability (CVE-2018-25422)","url":"https://feed.craftedsignal.io/briefs/2026-05-mogg-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — MOGG Web Simulator Script","version":"https://jsonfeed.org/version/1.1"}