VYPR

xbtitFM

by xbtitFM

CVEs (5)

  • CVE-2021-45821 · High · Mar 16, 2022
    risk 0.57 · cvss 8.8 · epss 0.03

    A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible to a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this…

  • CVE-2021-45822 · Medium · Mar 16, 2022
    risk 0.40 · cvss 6.1 · epss 0.01

    A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable of executing malicious…

  • CVE-2024-58313 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.01

    xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type…

  • CVE-2024-58312 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.01

    xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal…

  • CVE-2024-58309 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.01

    xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to…
