CVE-2018-17843

9.8 CRITICAL

📋 TL;DR

This CVE describes a critical SQL injection vulnerability in ten MLM (multi-level marketing) software products from ADD Clicking, all at version 1.0. An attacker holding a member account can inject into the msg_id, pid, or m_id parameters of three member-area scripts and execute arbitrary SQL against the application's database, potentially compromising it entirely. Every deployment of the affected 1.0 products is vulnerable in its default configuration.

💻 Affected Systems

Products:
  • ADD Clicking MLM Software
  • Binary MLM Software
  • Level MLM Software
  • Singleleg MLM Software
  • Autopool MLM Software
  • Investment MLM Software
  • Bidding MLM Software
  • Moneyorder MLM Software
  • Repurchase MLM Software
  • Gift MLM Software
Versions: 1.0
Operating Systems: All platforms running PHP/MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in multiple endpoints: member/readmsg.php (msg_id parameter), member/tree.php (pid parameter), and member/downline.php (m_id parameter).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise: theft or manipulation of all member, downline and payment data, authentication bypass by reading or rewriting credential rows, and, if the application's database account holds FILE or comparable privileges, writing a file into the web root for remote code execution.

🟠

Likely Case

Unauthorized data access, user information theft, and potential privilege escalation within the MLM system.

🟢

If Mitigated

Limited impact with proper input validation and parameterized queries preventing SQL injection.

🌐 Internet-Facing: HIGH - The vulnerable scripts sit in the member area, so in an internet-facing deployment every member account can reach them.
🏢 Internal Only: HIGH - Any member account suffices, so internal deployments remain exposed to malicious members, insiders, and anyone holding a compromised member credential.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ❌ No (a member-level account is required)
Complexity: LOW

Exploitation requires a member-level account; once logged in, the injection is straightforward and public exploit code is available. Note that the 9.8 base score shown above corresponds to an unauthenticated attack vector (PR:N), whereas the exploitation described here needs a member login. That login is the one practical barrier, and since the member role is the ordinary end-user account in this kind of software, it is a low one.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No vendor advisory found

Restart Required: No

Instructions:

No official patch available. Implement workarounds or migrate to alternative software.

🔧 Temporary Workarounds

Input Validation and Sanitization

Applies to: all platforms

Add input validation and parameterized queries to vulnerable PHP files

Edit member/readmsg.php, member/tree.php, and member/downline.php so that msg_id, pid, and m_id are validated as positive integers and then passed to the database as bound parameters of a prepared statement (PDO or mysqli), never concatenated into the query string. Validation alone is not enough; the prepared statement is what stops the value from altering the query.
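As an added example (not ADD Clicking's code; the table and column names are assumed), here is the concatenation pattern behind these three bugs beside a hardened replacement in both mysqli and PDO. The member_id scoping in the hardened versions goes beyond the advisory: it also closes the insecure direct object reference that usually travels with this class of bug.

```php
<?php
declare(strict_types=1);

// Added example (not ADD Clicking's code): the concatenation pattern behind the
// msg_id / pid / m_id bugs, beside a hardened replacement. Table and column names
// (messages, msg_id, member_id, subject, body) are assumed; map them to the real
// schema when editing member/readmsg.php, member/tree.php and member/downline.php.

// Make prepare/execute failures throw instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// --- Vulnerable: the request value is spliced into the statement text -----------
function read_message_vulnerable(mysqli $db, array $get): ?array
{
    // msg_id=42' OR '1'='1 turns this into ... WHERE msg_id = '42' OR '1'='1'
    $sql = "SELECT subject, body FROM messages WHERE msg_id = '" . ($get['msg_id'] ?? '') . "'";
    return $db->query($sql)->fetch_assoc();
}

// --- Hardened, step 1: allowlist the parameter shape -----------------------------
// These parameters are row IDs, so the only acceptable input is a positive integer.
// Reject anything else before it gets anywhere near SQL.
function require_positive_int(array $src, string $name): int
{
    $v = filter_var($src[$name] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($v === false) {
        http_response_code(400);
        exit("invalid {$name}");
    }
    return $v;
}

// --- Hardened, step 2: prepared statement with typed binds (mysqli) --------------
// The value travels to the server separately from the statement text, so it cannot
// change the query's structure whatever it contains. The extra member_id condition
// (an addition beyond the advisory) stops one member reading another member's rows
// by guessing IDs; $memberId is assumed to come from the authenticated session.
function read_message_safe_mysqli(mysqli $db, array $get, int $memberId): ?array
{
    $msgId = require_positive_int($get, 'msg_id');
    $stmt  = $db->prepare('SELECT subject, body FROM messages WHERE msg_id = ? AND member_id = ?');
    $stmt->bind_param('ii', $msgId, $memberId);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
}

// --- Same fix with PDO -----------------------------------------------------------
// Construct the PDO with PDO::ATTR_EMULATE_PREPARES => false so the statement is
// prepared server-side rather than having values escaped into it client-side.
function read_message_safe_pdo(PDO $db, array $get, int $memberId): ?array
{
    $msgId = require_positive_int($get, 'msg_id');
    $stmt  = $db->prepare('SELECT subject, body FROM messages WHERE msg_id = :id AND member_id = :member');
    $stmt->execute([':id' => $msgId, ':member' => $memberId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// tree.php and downline.php get the identical treatment: validate with
// require_positive_int($_GET, 'pid') / require_positive_int($_GET, 'm_id'), then bind.
```

The integer allowlist is what makes the later WAF and log-monitoring rules on this page reliable: once the scripts only accept digits, any request carrying anything else in these parameters is by definition hostile or broken.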

Web Application Firewall (WAF)

Applies to: all platforms

Deploy WAF rules to block SQL injection patterns

Configure the WAF to reject any request to member/readmsg.php, member/tree.php, or member/downline.php whose msg_id, pid, or m_id value is not a plain positive integer. An allowlist rule of this kind is more reliable than blocking SQL keywords, which URL-encoded or alternative payloads can slip past. Treat the WAF as a stopgap, not a fix.

🧯 If You Can't Patch

  • Put the MLM software behind a reverse proxy or WAF that rejects requests to the three member scripts whose msg_id, pid, or m_id is not a plain positive integer
  • Lock down the database side: give the application's database account only the privileges it needs (no FILE privilege, no access to other schemas), firewall the database so it accepts connections from the application server only, and monitor it for unusual queries

🔍 How to Verify

Check if Vulnerable:

With a valid member session, request each endpoint with a URL-encoded test value and compare the response with the one for a normal ID, e.g. member/readmsg.php?msg_id=1%27%20OR%20%271%27%3D%271 (the payload 1' OR '1'='1) against msg_id=1; repeat for member/tree.php?pid= and member/downline.php?m_id=. A cleaner check is a boolean pair such as pid=1%20AND%201%3D1 versus pid=1%20AND%201%3D2: if the two responses differ, the value is reaching the SQL engine. A hardened endpoint answers both with an error (e.g. HTTP 400) or with exactly the response it gives for an invalid ID.

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Attempt SQL injection tests after implementing parameterized queries and verify they no longer succeed

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL errors in application logs
  • Multiple failed login attempts followed by parameter manipulation
  • Requests with SQL keywords in msg_id, pid, or m_id parameters

Network Indicators:

  • Unusual database connection patterns from application server
  • Large data transfers from database to unexpected sources

SIEM Query:

source="web_logs" uri_path IN ("/member/readmsg.php", "/member/tree.php", "/member/downline.php")
| regex uri_query="(?i)\b(msg_id|pid|m_id)=(?![0-9]+(&|$))"

(Splunk-style sketch; the uri_path and uri_query field names assume the CIM Web data model and must be adapted to the field names your web logs actually carry.) The simpler keyword form, source="web_logs" AND (msg_id="*' OR*" OR pid="*' OR*" OR m_id="*' OR*"), misses URL-encoded quotes (%27) and payloads without "OR"; the allowlist form above flags any value for these three parameters that is not a bare integer, which is the only shape they should ever have.
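The same allowlist logic applied to raw web server logs, as an added example that is not part of the advisory. The scanner parses Apache/nginx combined-format lines, URL-decodes the query string so encoded payloads are caught, and flags any request to the three scripts whose ID parameter is not a plain integer; the sample log lines embedded at the bottom are constructed, not real traffic.

```php
<?php
declare(strict_types=1);

// Added example, not part of the advisory: a small access-log scanner that flags
// requests to the three injectable scripts whose ID parameter is not a plain integer.
// It url-decodes the query string, so %27 and '+'-encoded payloads are caught too.
// The log lines at the bottom are constructed samples in Apache "combined" format.

const WATCHED = [
    '/member/readmsg.php'  => 'msg_id',
    '/member/tree.php'     => 'pid',
    '/member/downline.php' => 'm_id',
];

// Split one combined-format line into client IP, timestamp, method, request target, status.
function parse_log_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /';
    if (preg_match($re, $line, $m) !== 1) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4], 'status' => (int) $m[5]];
}

// Return a finding for a suspicious request target, or null when the target is not one
// of the watched scripts or carries a clean integer ID.
function inspect_target(string $target): ?array
{
    $parts = parse_url($target);
    $path  = $parts['path'] ?? '';
    if (!isset(WATCHED[$path]) || !isset($parts['query'])) {
        return null;
    }
    parse_str($parts['query'], $params);          // decodes %27, %20 and '+' for us
    $name = WATCHED[$path];
    if (!array_key_exists($name, $params)) {
        return null;
    }
    $value = is_array($params[$name]) ? implode(',', $params[$name]) : (string) $params[$name];
    if (preg_match('/^[0-9]+$/', $value) === 1) {
        return null;                               // allowlist: a bare integer is normal
    }
    // Any non-numeric value is a deviation; additionally tag values that carry SQL syntax.
    $sqlSyntax = preg_match('/(\'|"|--|\/\*|\b(or|and|union|select|sleep|benchmark)\b)/i', $value) === 1;
    return ['path' => $path, 'param' => $name, 'value' => $value, 'sql_syntax' => $sqlSyntax];
}

// Scan many lines; return one finding per suspicious request with the client details attached.
function scan_log(iterable $lines): array
{
    $findings = [];
    foreach ($lines as $line) {
        $req = parse_log_line(trim($line));
        if ($req === null) {
            continue;
        }
        $hit = inspect_target($req['target']);
        if ($hit !== null) {
            $findings[] = ['ip' => $req['ip'], 'time' => $req['time'], 'status' => $req['status']] + $hit;
        }
    }
    return $findings;
}

// Constructed sample log (not real traffic). Lines 2-4 carry injection payloads, line 5 is a
// non-numeric probe without SQL keywords, line 6 hits a script that is not watched.
$sample = [
    '203.0.113.7 - - [04/Oct/2018:10:15:01 +0000] "GET /member/readmsg.php?msg_id=42 HTTP/1.1" 200 1834 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [04/Oct/2018:10:15:09 +0000] "GET /member/readmsg.php?msg_id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [04/Oct/2018:10:16:30 +0000] "GET /member/tree.php?pid=7+AND+SLEEP(5)-- HTTP/1.1" 200 502 "-" "sqlmap/1.2.9"',
    '198.51.100.23 - - [04/Oct/2018:10:16:31 +0000] "GET /member/downline.php?m_id=12%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 0 "-" "sqlmap/1.2.9"',
    '192.0.2.5 - - [04/Oct/2018:10:17:00 +0000] "GET /member/tree.php?pid=abc HTTP/1.1" 200 410 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [04/Oct/2018:10:17:05 +0000] "GET /member/profile.php?m_id=9%27 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
];

// Usage: php scan.php access.log   (with no argument the constructed sample is scanned)
$lines = isset($argv[1]) ? file($argv[1], FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : $sample;
foreach (scan_log($lines) as $finding) {
    echo json_encode($finding), PHP_EOL;
}
```

On the sample, the scanner reports four findings: the three payload requests with sql_syntax true and the pid=abc probe with sql_syntax false. That last one is the point of the allowlist approach; a keyword-only rule would never have surfaced it, yet a request that sends letters where the application only ever sends a row ID is exactly the kind of reconnaissance that precedes the real payload.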
