CVE-2018-17843
high-risk
Published 2019-05-24
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.
Do I need to act?
0.69% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (10)
Add Clicking Mlm Software
Autopool Mlm Software
Bidding Mlm Software
Binary Mlm Software
Gift Mlm Software
Investment Mlm Software
Level Mlm Software
Moneyorder Mlm Software
Repurchase Mlm Software
Singleleg Mlm Software
Affected Vendors
References
Third Party Advisory
https://www.exploit-db.com/author/?a=8844
Third Party Advisory
https://www.exploit-db.com/exploits/45511
50 / 100
high-risk
Severity
32/34 · Critical
Exploitability
2/34 · Minimal
Exposure
16/34 · Moderate