24 matches found
CVE-2024-58309
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
CVE-2024-58312
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...
CVE-2024-58313
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...
EUVD-2024-55344
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...
EUVD-2024-55346
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
EUVD-2024-55343
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...
CVE-2024-58313
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...
CVE-2024-58312
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...
CVE-2024-58313
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...
CVE-2024-58312
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...
CVE-2024-58313 xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the filehosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif,...
CVE-2024-58313
CVE-2024-58313 affects xbtitFM 4.1.18 and describes an insecure file upload in the file_hosting feature. The root cause is a bypass of file-type checks through Content-Type header manipulation (image/gif), GIF89a bytes, and alternate PHP tags, enabling authenticated attackers with administrative ...
CVE-2024-58312
CVE-2024-58312 affects xbtitFM 4.1.18: a path traversal vulnerability in nfogen.php allows unauthenticated attackers to read sensitive system files by manipulating URL parameters, including encoded traversal characters. Root cause: directory traversal in HTTP parameter handling. Impact: potential...
CVE-2024-58312 xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...
CVE-2024-58312 xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP...
CVE-2024-58309 xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
CVE-2024-58309 xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
PT-2025-50763
Name of the Vulnerable Software and Affected Versions xbtitFM version 4.1.18 Description xbtitFM 4.1.18 contains a path traversal issue that allows unauthenticated attackers to access sensitive system files. Attackers can manipulate URL parameters using directory traversal techniques, such as...
xbtitFM 路径遍历漏洞
xbtitFM is a BitTorrent tracker software by the individual developer of xbtitFM. A path traversal vulnerability exists in xbtitFM version 4.1.18, which stems from the presence of a path traversal in the URL parameter that could lead to the reading of sensitive system files...
xbtitFM SQL注入漏洞
xbtitFM is a BitTorrent tracker software by the individual developer of xbtitFM. An SQL injection vulnerability exists in xbtitFM version 4.1.18, which stems from an SQL injection in the msgid parameter that could lead to the extraction of database credentials...