Unrated severityNVD Advisory· Published Dec 11, 2025· Updated Apr 7, 2026

xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php

CVE-2024-58309

Description

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.

Affected products

xbtitFM/xbtitFMllm-fuzzy
xbtitfm/xbtitFMv5
Range: 4.1.18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51909mitreexploit
www.vulncheck.com/advisories/xbtitfm-unauthenticated-sql-injection-in-shouteditphpmitrethird-party-advisory
xbtitfm.eumitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000