Primary

Context

xbtitFM SQL Injection Vulnerability in shoutedit.php

Vulnerability

A SQL injection vulnerability has been identified in xbtitFM version 4.1.18. This vulnerability allows remote attackers to execute malicious SQL queries by injecting SQL code through the msgid parameter in shoutedit.php. Exploitation of this vulnerability could lead to unauthorized access to database information, including database names, user credentials, and password hashes.

Impact

Exploitation of this vulnerability allows for unauthenticated SQL injection, enabling attackers to manipulate database queries and extract sensitive information such as database names, user credentials, and password hashes.

Reproduction

To reproduce this vulnerability, send a crafted request to the shoutedit.php file with the msgid parameter. Include SQL injection payloads that utilize the EXTRACTVALUE function to extract database information. This can be automated with tools like sqlmap.

Added: Dec 11, 2025, 10:26 PM

Updated: Dec 11, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.4

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

xbtitFM SQL Injection Vulnerability in shoutedit.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating