CVE-2021-45821
Published: Mar 16, 2022
Modified: Aug 4, 2024
PUBLISHED
Description
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible to a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and, in some cases, use this vulnerability to achieve remote code execution on the remote web server.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://emaragkos.gr/infosec-adventures/xbtit-3-1-sql-njection/
x_refsource_MISC
https://github.com/btiteam/xbtit-3.1/issues/6
x_refsource_MISC