How to fix CVE-2018-25165?

Within 24 hours: Inventory all systems running Galaxy Forces MMORPG 0.5.8 and isolate affected instances from production networks if possible. Within 7 days: Deploy WAF rules to filter malicious SQL patterns in the 'type' parameter and implement database query monitoring. Within 30 days: Evaluate migration to an alternative game platform or conduct code review to develop internal patches; if continued use is required, implement strict input validation and parameterized queries as emergency mitigations.

Is PHP affected by CVE-2018-25165?

Galaxy Forces MMORPG 0.5.8 contains a critical SQL injection vulnerability that allows authenticated users to bypass application logic and access or modify the game database.

CVE-2018-25165

HIGH

2026-03-06 [email protected]

7.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 09, 2026 - 13:35 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 13:15 nvd

HIGH 7.1

Description

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details.

Analysis

Technical Context

Classified as CWE-89 (SQL Injection). Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details.

Affected Products

Component: type.

Remediation

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: +20

CVE-2018-25165 vulnerability details – vuln.today

Back

CVE-2018-25165

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2018-25165

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code