Vendor
Supsystic Digital Publications Path Traversal and Stored XSS Vulnerability (CVE-2020-37245)
2 rules, 1 TTP, 1 CVE
Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field, allowing attackers to access sensitive files, and a stored XSS vulnerability due to improper input sanitization, leading to arbitrary script execution in the context of affected users (CVE-2020-37245).
CVE-2020-37244: Supsystic Membership 1.4.7 Unauthenticated SQL Injection Vulnerability
2 rules, 1 TTP, 1 CVE
Supsystic Membership version 1.4.7 is vulnerable to SQL injection (CVE-2020-37244), allowing unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters, potentially extracting sensitive database information.
Supsystic Pricing Table Plugin <= 1.8.7 SQL Injection Vulnerability (CVE-2020-37243)
2 rules, 1 TTP, 1 CVE
Supsystic Pricing Table plugin version 1.8.7 contains an SQL injection vulnerability via the 'sidx' GET parameter, enabling unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action, as well as stored XSS vulnerabilities.
Supsystic Ultimate Maps SQL Injection Vulnerability (CVE-2020-37242)
1 rule, 1 TTP, 1 CVE
Supsystic Ultimate Maps 1.1.12 is vulnerable to SQL injection via the 'sidx' GET parameter, allowing unauthenticated attackers to execute arbitrary SQL queries and extract sensitive database information.