Ultimate Maps by Supsystic, CVE-2020-37242

CVE, Research URL: CVE-2020-37242
Home page URL: Security reports for Ultimate Maps by Supsystic
Application: Ultimate Maps by Supsystic
Published on: May 16, 2026
Research Description: Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET parameter. Attackers can send crafted requests to the getListForTbl action with boolean-based blind or time-based blind SQL injection payloads to extract sensitive database information.
Affected versions: max 1.1.12.
Status: vulnerable