CVE-2020-37244: Supsystic Membership 1.4.7 allows unauthorized database access
Summary
An unauthenticated attacker can exploit an SQL injection flaw in Supsystic Membership 1.4.7 to run arbitrary SQL queries and read sensitive database information without permission. To protect yourself, update to a secure version of Supsystic Membership or consider replacing it with a more secure alternative.
Original title
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx'...
Original description
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract sensitive database information using time-based blind or UNION-based SQL injection techniques.
nvd CVSS3.1
8.2
nvd CVSS4.0
8.8
Vulnerability type
CWE-89
SQL Injection
Published: 16 May 2026 · Updated: 28 May 2026 · First seen: 16 May 2026