PT-2019-9527 · Mlm · Gift Mlm+9

Published: 2019-05-24 · Updated: 2019-05-29 · CVE-2018-17843

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ADD Clicking MLM Software version 1.0
Binary MLM Software version 1.0
Level MLM Software version 1.0
Singleleg MLM Software version 1.0
Autopool MLM Software version 1.0
Investment MLM Software version 1.0
Bidding MLM Software version 1.0
Moneyorder MLM Software version 1.0
Repurchase MLM Software version 1.0
Gift MLM Software version 1.0

Description

The issue is SQL injection in several MLM software products. The injection occurs through the msg_id parameter in "member/readmsg.php", the pid parameter in "member/tree.php", or the m_id parameter in "member/downline.php".

Recommendations

For each affected product (ADD Clicking, Binary, Level, Singleleg, Autopool, Investment, Bidding, Moneyorder, Repurchase, and Gift MLM Software, all version 1.0), consider disabling the msg_id parameter in "member/readmsg.php", the pid parameter in "member/tree.php", and the m_id parameter in "member/downline.php" until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2018-17843

Affected Products

Add Clicking Mlm
Autopool Mlm
Bidding Mlm
Binary Mlm
Gift Mlm
Investment Mlm
Level Mlm
Moneyorder Mlm
Repurchase Mlm
Singleleg Mlm