Attack Chain

1. An unauthenticated attacker identifies a WordPress website running Supsystic Ultimate Maps version 1.1.12.
2. The attacker crafts a malicious HTTP GET request targeting the getListForTbl action with a SQL injection payload in the sidx parameter.
3. The malicious GET request is sent to the WordPress website.
4. The WordPress plugin processes the request without proper sanitization of the sidx parameter.
5. The injected SQL code is executed against the website’s database.
6. The attacker uses boolean-based or time-based blind SQL injection techniques to extract data.
7. Sensitive information, such as usernames, passwords, or other database records, is retrieved.
8. The attacker exfiltrates the stolen data for malicious purposes.

Impact

Successful exploitation of CVE-2020-37242 can lead to the complete compromise of the vulnerable website’s database. Attackers can gain access to sensitive information, including user credentials, personal data, and other confidential data stored in the database. This can result in data breaches, identity theft, financial loss, and reputational damage for the website owner and its users. The CVSS v3.1 base score for this vulnerability is 8.2, indicating a high level of severity.

Recommendation

• Upgrade Supsystic Ultimate Maps to a patched version that addresses CVE-2020-37242 to remediate the SQL injection vulnerability.
• Deploy the Sigma rule Detect CVE-2020-37242 Exploitation — SQL Injection in Supsystic Ultimate Maps to your SIEM to detect exploitation attempts.
• Monitor web server logs for suspicious GET requests to the getListForTbl action containing SQL injection payloads in the sidx parameter as covered by the detection rule.