Unrated severityNVD Advisory· Published Mar 16, 2022· Updated Aug 4, 2024

CVE-2021-45821

Description

A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server.

Affected products

Xbtit/Xbtitdescription
Bti Tracker/Xbtitllm-create
Range: = 3.1
xbtitFM/xbtitFMllm-fuzzy
Range: = 3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

emaragkos.gr/infosec-adventures/xbtit-3-1-sql-njection/mitrex_refsource_MISC
github.com/btiteam/xbtit-3.1/blob/master/ajaxchat/getHistoryChatData.phpmitrex_refsource_MISC
github.com/btiteam/xbtit-3.1/issues/6mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000