QwikSec

Security Database

CVE

CWE

Training

CVE-2024-58309

Published: Dec 11, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.

Vendor	Product	Versions
xbtitfm	xbtitFM	affected `4.1.18`

Weaknesses (CWE)

References

ExploitDB-51909

exploit

Official Vendor Homepage

product

VulnCheck Advisory: xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.