8.8
CVE-2020-37242: Supsystic Ultimate Maps SQL injection risk through GET requests
CVE-2020-37242
Summary
An unauthenticated attacker can access sensitive database information by sending a crafted GET request to Supsystic Ultimate Maps. This means that an unauthorized person can potentially steal or view private data. We recommend updating to the latest version of Supsystic Ultimate Maps to fix this issue.
Original title
Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET para...
Original description
Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or time-based blind SQL injection payloads to extract sensitive database information.
NVD CVSS 3.1
8.2
NVD CVSS 4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 16 May 2026 · Updated: 28 May 2026 · First seen: 16 May 2026
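Detection sketch for the description above, as an added example that is not part of the original advisory or the plugin's code: it scans web access logs for GET requests to the `getListForTbl` action whose `sidx` value is anything other than a bare column name. Assumptions: combined-format access logs, the action name arriving as a query-parameter value, legitimate `sidx` values being plain identifiers, and a placeholder endpoint path in the constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate sort index is a bare identifier (column name).
SAFE_SIDX = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Assumption: combined log format, request line is a quoted field.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_sidx(log_line):
    """Return the decoded sidx value when the line is a GET request to the
    getListForTbl action and sidx is not a bare identifier; else None."""
    m = REQUEST_LINE.search(log_line)
    if not m or m.group("method") != "GET":
        return None
    query = urlsplit(m.group("target")).query
    params = parse_qs(query, keep_blank_values=True)  # percent-decodes values
    values = [v for vals in params.values() for v in vals]
    if "getListForTbl" not in values:
        return None
    for value in params.get("sidx", []):
        if not SAFE_SIDX.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_sidx) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_sidx(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (placeholder path, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/May/2026:10:00:00 +0000] '
    '"GET /placeholder-endpoint?action=getListForTbl&sidx=id&sord=desc HTTP/1.1" 200 512',
    '203.0.113.9 - - [16/May/2026:10:00:03 +0000] '
    '"GET /placeholder-endpoint?action=getListForTbl&sidx=id%20AND%201%3D1 HTTP/1.1" 200 498',
    '203.0.113.9 - - [16/May/2026:10:00:05 +0000] '
    '"GET /placeholder-endpoint?action=otherAction&sidx=id%20AND%201%3D1 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-identifier sidx {value!r}")
```

Hits from this check are leads for review, and the same bare-identifier rule works as a server-side allowlist for sort parameters on installations that cannot be updated immediately.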