CVE-2020-37244: Supsystic Membership SQLi Puts User Data at Risk
The National Vulnerability Database (NVD) reports CVE-2020-37244, a critical SQL injection vulnerability in Supsystic Membership 1.4.7. This flaw allows unauthenticated attackers to execute arbitrary SQL queries by manipulating the ‘search’ and ‘sidx’ parameters in GET requests to the badges module. This isn’t theoretical; attackers can craft payloads to extract sensitive database information, leveraging time-based blind or UNION-based SQL injection techniques.
This vulnerability carries a CVSS score of 8.2 (HIGH), indicating a severe risk. Its attack vector is network-based, requires no privileges or user interaction, and has high impact on confidentiality with low impact on integrity and availability. The core issue, CWE-89, highlights a failure to properly neutralize special elements used in an SQL command.
While the NVD does not specify affected products beyond the module and version, any organization using Supsystic Membership 1.4.7 is exposed. Attackers are constantly scanning for known vulnerabilities like this, and an unauthenticated SQLi is a golden ticket to data exfiltration. This isn’t about sophisticated APTs; script kiddies can weaponize this quickly.
What This Means For You
- If your organization uses Supsystic Membership 1.4.7, you are directly exposed to unauthenticated data theft. Prioritize patching or upgrading immediately. Audit your web server logs for suspicious GET requests to the badges module, specifically looking for anomalous strings in 'search' or 'sidx' parameters.
Related ATT&CK Techniques
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK (Sigma YAML shown below).
CVE-2020-37244: Supsystic Membership SQL Injection via Search/Sidx Parameters
```yaml
# Sigma rule as published with the advisory. The title is quoted so the
# colon inside it parses as part of the string rather than a second mapping key.
title: "CVE-2020-37244: Supsystic Membership SQL Injection via Search/Sidx Parameters"
id: scw-2026-05-16-ai-1
status: experimental
level: critical
description: |
  Detects SQL injection attempts targeting the Supsystic Membership plugin in WordPress by looking for specific SQL keywords within the 'sidx' and 'search' parameters in the URI query string. This is a direct indicator of exploitation for CVE-2020-37244.
author: SCW Feed Engine (AI-generated)
date: 2026-05-16
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2020-37244/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri-query|contains:
      - 'sidx=CASE'
      - 'search=CASE'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
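The rule above matches the literal substrings `sidx=CASE` and `search=CASE` in the raw query string, which is fast but misses the same payload once it is percent-encoded or preceded by a parenthesis. The following script is an added example (not part of the advisory, the rule feed, or the Supsystic project) that implements the log audit recommended earlier in the page: it parses constructed Apache-style access log lines, URL-decodes the `search` and `sidx` parameters named in the advisory, and flags SQL tokens in them. It generalises the page's two indicators to a broader keyword list (an assumption labelled in the code), and reports whether the published Sigma substring test would also have fired, so the two approaches can be compared side by side. The request path `/badges/` and the log lines are constructed for the example.

```python
"""Hunt for CVE-2020-37244-style SQL injection attempts in web server logs.

Added example, not part of the original advisory or the Supsystic project.
It reproduces the page's Sigma logic (cs-uri-query contains 'sidx=CASE' or
'search=CASE') and extends it: the query string is URL-decoded first, the
'sidx' and 'search' parameters are isolated, and a broader keyword list is
matched, so encoded payloads and other SQL tokens are not missed.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Parameters named as vulnerable in the advisory.
WATCHED_PARAMS = ("search", "sidx")

# SQL tokens that have no business in a sort-index or search term. CASE is the
# indicator used by the page's Sigma rule; the rest are an assumption-based
# generalisation covering UNION-based and time-based probes.
SQL_TOKENS = re.compile(
    r"\b(CASE|WHEN|UNION|SELECT|SLEEP|BENCHMARK|WAITFOR|OR\s+\d+\s*=\s*\d+)\b"
    r"|(--|/\*|;)",
    re.IGNORECASE,
)

# Apache/nginx combined log format; only the request line is needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    # benign search for a badge name
    '203.0.113.5 - - [16/May/2026:19:20:01 +0000] "GET /badges/?search=gold+star&sidx=name HTTP/1.1" 200 512',
    # raw payload: caught by the page's Sigma rule and by the decoding check
    '198.51.100.7 - - [16/May/2026:19:21:14 +0000] "GET /badges/?search=CASE+WHEN+(1=1)+THEN+1+ELSE+0+END&sidx=id HTTP/1.1" 200 7344',
    # percent-encoded time-based probe: the raw substring rule misses it
    '198.51.100.7 - - [16/May/2026:19:21:30 +0000] "GET /badges/?search=x&sidx=id%20AND%20SLEEP%285%29 HTTP/1.1" 200 7344',
    # encoded parenthesis before CASE: Sigma substring 'sidx=CASE' does not match
    '198.51.100.7 - - [16/May/2026:19:22:02 +0000] "GET /badges/?sidx=%28CASE+WHEN+1%3D1+THEN+id+END%29&search= HTTP/1.1" 500 0',
    # unrelated request with no watched parameters
    '203.0.113.9 - - [16/May/2026:19:23:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
]


def sigma_match(uri_query: str) -> bool:
    """The page's rule as written: raw substring test on the query string."""
    return "sidx=CASE" in uri_query or "search=CASE" in uri_query


def suspicious_params(path: str) -> dict:
    """Return {param: decoded_value} for watched params that carry SQL tokens."""
    query = urlsplit(path).query
    hits = {}
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name not in WATCHED_PARAMS:
            continue
        for value in values:
            # parse_qs already decoded once; a second pass catches double-encoding
            decoded = unquote_plus(value)
            if SQL_TOKENS.search(decoded):
                hits[name] = decoded
    return hits


def scan(lines):
    """One finding per log line whose watched parameters look like SQL."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = m.group("path")
        hits = suspicious_params(path)
        if hits:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "status": m.group("status"),
                "params": hits,
                # would the published Sigma substring rule also have fired?
                "sigma_rule_hit": sigma_match(urlsplit(path).query),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

Of the three flagged requests only the first would also trip the published rule; the decoded check catches the encoded time-based and parenthesised variants. The `;` and `--` tokens can occur in legitimate free-text searches, so treat hits on `search` as leads to triage rather than confirmed exploitation, and correlate by source IP and response status (a burst of 500s from one client, as in the sample, is the stronger signal).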
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2020-37244 | SQLi | Supsystic Membership plugin version 1.4.7 |
| CVE-2020-37244 | SQLi | Vulnerable parameters: 'search', 'sidx' |
| CVE-2020-37244 | SQLi | Vulnerable module: badges |
| CVE-2020-37244 | SQLi | Attack vector: GET requests with crafted payloads |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 16, 2026 at 19:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.