CVE-2024-58290

UNKNOWN 0.0

Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or manipulate database information by sending crafted payloads to the collections page.

CWE	CWE-89
Vendor	elements
Product	xhibiter nft marketplace
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for elements xhibiter nft marketplace

Be the first to know when new unknown vulnerabilities affecting elements xhibiter nft marketplace are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Elements / Xhibiter NFT Marketplace

1.10.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52060 elements.envato.com: https://elements.envato.com/xhibiter-nft-marketplace-html-template-AQN45FA vulncheck.com: https://www.vulncheck.com/advisories/xhibiter-nft-marketplace-sql-injection-via-collections-endpoint

Credits

Sohel yousef