CVE-2024-58309

UNKNOWN 0.0

xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.

CWE	CWE-89
Vendor	xbtitfm
Product	xbtitfm
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for xbtitfm xbtitfm

Be the first to know when new unknown vulnerabilities affecting xbtitfm xbtitfm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

xbtitfm / xbtitFM

4.1.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51909 xbtitfm.eu: https://xbtitfm.eu vulncheck.com: https://www.vulncheck.com/advisories/xbtitfm-unauthenticated-sql-injection-in-shouteditphp

Credits

xbtitFM Team