Which versions of PHP are affected by CVE-2018-25165?

Galaxy Forces MMORPG 0.5.8 contains a critical SQL injection vulnerability that allows authenticated users to bypass application logic and access or modify the game database.

Is there a public PoC exploit available for CVE-2018-25165?

Yes, a public proof-of-concept exploit is available for CVE-2018-25165. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2018-25165?

Within 24 hours: Inventory all systems running Galaxy Forces MMORPG 0.5.8 and isolate affected instances from production networks if possible. Within 7 days: Deploy WAF rules to filter malicious SQL patterns in the 'type' parameter and implement database query monitoring. Within 30 days: Evaluate migration to an alternative game platform or conduct code review to develop internal patches; if continued use is required, implement strict input validation and parameterized queries as emergency mitigations.

PHP CVE-2018-25165

Q: What is the CVSS score of CVE-2018-25165?

CVE-2018-25165 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

HIGH

SQL Injection (CWE-89)

2026-03-06 disclosure@vulncheck.com

PHP SQLi

7.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.1 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

PoC Detected

Mar 09, 2026 - 13:35 vuln.today

Public exploit code

CVE Published

Mar 06, 2026 - 13:15 nvd

HIGH 7.1

DescriptionCVE.org

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details.

AnalysisAI

Technical ContextAI

Classified as CWE-89 (SQL Injection). Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details.

Affected ProductsAI

Component: type.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.