Vulnerability Details CVE-2018-17843
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2018-17843
-
cpe:2.3:a:mlmsoftwarez:add_clicking_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:autopool_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:bidding_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:binary_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:gift_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:investmen_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:level_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:moneyorder_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:repurchase_mlm_software:1.0
-
cpe:2.3:a:mlmsoftwarez:singleleg_mlm_software:1.0