CVE-2024-58313

UNKNOWN 0.0

xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, adding GIF89a magic bytes, and using alternate PHP tags to upload web shells that execute system commands.

CWE	CWE-434
Vendor	xbtitfm
Product	xbtitfm
Published	Dec 11, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for xbtitfm xbtitfm

Be the first to know when new unknown vulnerabilities affecting xbtitfm xbtitfm are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

xbtitfm / xbtitFM

4.1.18

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/51909 xbtitfm.eu: https://xbtitfm.eu vulncheck.com: https://www.vulncheck.com/advisories/xbtitfm-insecure-file-upload-in-filehosting-feature

Credits

xbtitFM Team