4 matches found
CVE-2018-25422
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...
EUVD-2018-21944
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...
CVE-2018-25422
CVE-2018-25422 affects the MOGG web simulator Script. The vulnerability is an SQL injection in the play.php script, exploitable via the id parameter to send crafted payloads and extract data (e.g., usernames) without authentication. The issue is classified as high severity on both CVSS v3.1 (8.2,...
PT-2019-14905 · Fusionpbx · Fusionpbx
Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8 Description: The issue concerns an unsanitized filename variable in the recording play.php file, which is base64 decoded and reflected in HTML. This leads to a potential XSS issue. Recommendations: For...