China National Vulnerability Database (cnvd): CNVD-2022-73498
History: Mar 18, 2022 - 12:00 a.m.

Xbtit SQL Injection Vulnerability

2022-03-18 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
8
xbtit
sql injection
version 3.1
ajaxchat
gethistorychatdata.php
sensitive data
remote code execution
security vulnerability

EPSS: 0.005

Percentile: 76.4%

Xbtit is open source tracker software. Version 3.1 of Xbtit is vulnerable to SQL injection because the sid parameter of the ajaxchat/getHistoryChatData.php file is used in SQL statements without filtering or escaping. An attacker could exploit this vulnerability to extract sensitive data such as usernames and passwords and, in some cases, to execute remote code on a remote web server.
