PT-2026-41444 · WordPress · Supsystic Membership

Published

2026-05-16

·

Updated

2026-05-16

·

CVE-2020-37244

CVSS v3.1

8.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions Supsystic Membership version 1.4.7
Description An issue allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search and sidx parameters. Attackers can send GET requests to the badges module using time-based blind or UNION-based SQL injection techniques to extract sensitive database information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2020-37244

Affected Products

Supsystic Membership