CVE-2020-37242

HIGH

WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37242. PoCs published by Erik David Martin.

AI-analyzed exploit summary: The exploit demonstrates a SQL injection vulnerability in WordPress Plugin Supsystic Ultimate Maps 1.1.12 via the 'sidx' GET parameter. It includes payloads for boolean-based blind and time-based blind SQL injection, leveraging sqlmap for exploitation.

Description

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or time-based blind SQL injection payloads to extract sensitive database information.
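A log-review check for the request pattern described above, added here as an example (it is not from the advisory, the PoC or the plugin): it flags getListForTbl requests whose sidx value is not a bare column name. The combined log format, the URL path and the `action` parameter name in the sample lines are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A legitimate sort column is a bare identifier; anything else in sidx
# (spaces, operators, parentheses, commas, quotes) is treated as suspect.
SAFE_SIDX = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")
# Client, request target and status of a combined-format access log line
# (assumed log format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def suspicious_sidx(log_line):
    """Return details of a getListForTbl request with a non-identifier sidx, else None."""
    m = REQUEST.match(log_line)
    if not m:
        return None
    client, target, status = m.groups()
    # parse_qs percent-decodes values and turns '+' into a space.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # Look for the action name in any parameter, so no parameter name is assumed.
    if not any("getListForTbl" in values for values in query.values()):
        return None
    for value in query.get("sidx", []):  # covers a repeated sidx parameter
        if value and not SAFE_SIDX.fullmatch(value):
            return {"client": client, "status": int(status), "sidx": value}
    return None


def scan(lines):
    """Return one finding per flagged line, in input order."""
    return [hit for hit in map(suspicious_sidx, lines) if hit]


# Constructed sample lines (documentation IP ranges; the URL path and the
# "action" parameter name are assumptions made for this example).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/May/2026:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id HTTP/1.1" 200 512',
    '203.0.113.9 - - [16/May/2026:10:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id%20AND%201%3D1 HTTP/1.1" 200 512',
    '203.0.113.9 - - [16/May/2026:10:00:06 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id%2C(SELECT+1) HTTP/1.1" 200 498',
    '198.51.100.7 - - [16/May/2026:10:00:09 +0000] "GET /index.php?sidx=id%20AND%201%3D1 HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The check only sees the query string, so a sidx value sent in a POST body does not appear in a standard access log and needs WAF or application-level logging to be reviewed.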

Exploits (1)

exploitdb WORKING POC
by Erik David Martin · text · webapps · php
https://www.exploit-db.com/exploits/49532

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WordPress Plugin Supsystic Ultimate Maps 1.1.12
Auth required
Prerequisites: WordPress admin access · sqlmap installed
devstral-2 · analyzed May 16, 2026

References (4)

Core References
Exploit: ExploitDB-49532
https://www.exploit-db.com/exploits/49532
Product: Official Product Homepage
https://supsystic.com/
Third Party Advisory: VulnCheck Advisory: WordPress Plugin Supsystic Ultimate Maps 1.1.12 SQL Injection via sidx
https://www.vulncheck.com/advisories/wordpress-plugin-supsystic-ultimate-maps-sql-injection-via-sidx

Scores

CVSS v3 8.2
EPSS 0.0028
EPSS Percentile 19.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
Supsystic/Ultimate Maps 1.1.12
Published May 16, 2026
Tracked Since May 16, 2026