critical threat

Supsystic Pricing Table Plugin <= 1.8.7 SQL Injection Vulnerability (CVE-2020-37243)

Supsystic Pricing Table plugin version 1.8.7 contains an SQL injection vulnerability via the 'sidx' GET parameter, enabling unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored XSS vulnerabilities.

Supsystic Pricing Table plugin version 1.8.7 is vulnerable to SQL injection via the ‘sidx’ GET parameter. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by manipulating the getListForTbl action. Additionally, the plugin contains stored cross-site scripting (XSS) vulnerabilities in the ‘Edit name’ and ‘Edit HTML’ fields. These XSS vulnerabilities allow attackers to inject malicious scripts that are executed when users view the affected pricing tables. Successful exploitation of the SQL injection vulnerability could allow an attacker to read, modify, or delete sensitive data from the WordPress database. The XSS vulnerability can lead to session hijacking or arbitrary script execution in the context of the user’s browser.

Attack Chain

  1. An unauthenticated attacker identifies a WordPress site using the vulnerable Supsystic Pricing Table plugin version 1.8.7.
  2. The attacker crafts a malicious HTTP GET request targeting the getListForTbl action, injecting SQL code into the ‘sidx’ parameter.
  3. The WordPress server processes the request, and the injected SQL code is executed against the database.
  4. The attacker uses the SQL injection vulnerability to extract sensitive data such as user credentials, API keys, or other confidential information.
  5. The attacker leverages stored XSS vulnerabilities by injecting malicious scripts into the ‘Edit name’ or ‘Edit HTML’ fields of a pricing table.
  6. A legitimate user views the pricing table containing the injected XSS payload.
  7. The malicious script executes within the user’s browser, potentially stealing session cookies or redirecting the user to a phishing site.
  8. The attacker uses the stolen session cookies to impersonate the user, gaining unauthorized access to the WordPress site.

Impact

Successful exploitation of the SQL injection vulnerability (CVE-2020-37243) can lead to complete database compromise, including unauthorized access to sensitive data, modification of website content, and potential privilege escalation. The stored XSS vulnerabilities allow attackers to inject malicious scripts that can hijack user sessions, deface websites, or redirect users to phishing sites. Given the widespread use of WordPress and its plugins, this vulnerability poses a significant risk to numerous websites and their users.

Recommendation

  • Upgrade the Supsystic Pricing Table plugin to a version greater than 1.8.7 to patch the SQL injection vulnerability (CVE-2020-37243).
  • Apply input validation and sanitization to all user-supplied data, especially GET parameters, to prevent SQL injection attacks.
  • Implement a web application firewall (WAF) rule to detect and block SQL injection attempts targeting the ‘sidx’ GET parameter.
  • Deploy the Sigma rule Detect CVE-2020-37243 Exploitation — Supsystic Pricing Table SQL Injection to identify malicious HTTP requests exploiting this vulnerability.
  • Review pricing tables and sanitize suspicious content from ‘Edit name’ and ‘Edit HTML’ fields to mitigate stored XSS risks.
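As an added illustration of the checks the WAF and Sigma recommendations above describe (example code written for this page, not the vendor's code and not the platform's rule): it parses constructed combined-format web server log lines, extracts the `action` and `sidx` query parameters, and flags getListForTbl requests whose `sidx` is not a bare column identifier, which is also the allow-list validation a fixed handler would apply before using the value in an ORDER BY clause. The admin-ajax.php request path and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines (combined log format); not real traffic.
# The admin-ajax.php path is an assumption; detection keys on query parameters only.
SAMPLE_LOG = """\
198.51.100.7 - - [10/May/2024:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id&sord=asc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/May/2024:12:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id%27%20OR%201%3D1--%20&sord=asc HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.9 - - [10/May/2024:12:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=getListForTbl&sidx=id%20AND%20SLEEP(5)&sord=asc HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [10/May/2024:12:00:04 +0000] "GET /?s=id%27%20OR%201%3D1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A sort column name: letters, digits, underscore, optional table prefix (t.col).
IDENT_RE = re.compile(r"^[A-Za-z0-9_.]+$")


def parse_line(line):
    """Return ip, timestamp, status, action and sidx for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    qs = parse_qs(urlsplit(m["target"]).query)  # percent-decodes the values
    return {
        "ip": m["ip"], "ts": m["ts"], "status": m["status"],
        "action": qs.get("action", [None])[0],
        "sidx": qs.get("sidx", [None])[0],
    }


def is_sidx_injection(sidx):
    """Allow-list check: anything but a bare identifier is treated as injection."""
    return sidx is not None and not bool(IDENT_RE.match(sidx))


def find_cve_2020_37243_attempts(log_text):
    """Return records for getListForTbl requests whose sidx fails the allow-list."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "getListForTbl" and is_sidx_injection(rec["sidx"]):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_cve_2020_37243_attempts(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} suspicious sidx={hit["sidx"]!r}')
```

The same identifier allow-list applied server-side to `sidx` (rejecting or defaulting any value that fails it) is the fix the input-validation recommendation calls for.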

Detection coverage (2 rules)

Detect CVE-2020-37243 Exploitation — Supsystic Pricing Table SQL Injection (severity: critical)

Detects CVE-2020-37243 exploitation — SQL injection attempts in the 'sidx' GET parameter of the Supsystic Pricing Table plugin.

Format: Sigma. Tactics: initial_access. Techniques: T1190. Sources: webserver.

Detect Supsystic Pricing Table XSS Payload Injection (severity: high)

Detects potential XSS payloads being injected into Supsystic Pricing Table 'Edit name' or 'Edit HTML' fields.

Format: Sigma. Tactics: initial_access. Techniques: T1190. Sources: webserver.
