QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58290

Published: Dec 11, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or manipulate database information by sending crafted payloads to the collections page.

Vendor	Product	Versions
Elements	Xhibiter NFT Marketplace	affected `1.10.2`

Weaknesses (CWE)

References

ExploitDB-52060

exploit

Official Vendor Homepage

VulnCheck Advisory: Xhibiter NFT Marketplace 1.10.2 SQL Injection via Collections Endpoint

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.