CVE-2024-58309

CVSS 9.8 CRITICAL

📋 TL;DR

CVE-2024-58309 is an unauthenticated SQL injection vulnerability in xbtitFM 4.1.18. The msgid parameter of /shoutedit.php is placed into a database query without validation, so any remote client that can reach the script can execute arbitrary SQL and read the database, including user records and password hashes; the public exploit uses the MySQL EXTRACTVALUE() function for error-based extraction. Every deployment of the vulnerable version is affected.

💻 Affected Systems

Products:
  • xbtitFM
Versions: 4.1.18
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects xbtitFM 4.1.18; earlier versions may also be vulnerable but unconfirmed.

📦 What is this software?

xbtitFM is a PHP/MySQL BitTorrent tracker front end derived from XBTIT. It is self-hosted by private tracker communities and is usually exposed directly to the Internet. The affected script, shoutedit.php, belongs to its shoutbox (site chat) feature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise: credential theft and bulk data exfiltration, with takeover of the tracker host possible if recovered administrator credentials unlock privileged tracker functions or the web application's database account holds more than the minimum privileges (for example MySQL FILE).

🟠 Likely Case

Extraction of user records and password hashes, followed by offline cracking or reuse of those credentials to take over accounts.

🟢 If Mitigated

Limited information disclosure if the application connects with a least-privilege database account (no FILE privilege, no access to other schemas) and passwords are stored with a slow, salted hash rather than a fast unsalted one.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://xbtitfm.eu

Restart Required: No

Instructions:

No fixed release is known at the time of writing. Check the vendor site for a release newer than 4.1.18 and, until one exists, apply the workarounds below.

🔧 Temporary Workarounds

Input Validation and Parameterized Queries

Platforms: all

Until a fixed release exists, change shoutedit.php so that msgid is validated (a message identifier should be a plain integer; reject anything else) and the lookup is performed with a prepared statement and a bound parameter instead of string concatenation. Casting the value to an integer closes this specific hole; prepared statements are the durable fix because they also cover any other parameters the script interpolates.
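The hardened lookup, as an added example that is not xbtitFM source: the real query in shoutedit.php is not reproduced on this page, so the table and column names (shoutbox, id, msg), the mysqli handle $db, the connection details and the assumption that a message id is a positive integer are all hypothetical. The first function shows the concatenation pattern the advisory describes; the second validates the value and binds it as a typed parameter.

```php
<?php
// Added example, not xbtitFM source. Table/column names, the $db handle and the
// connection details are hypothetical; only the pattern (concatenation versus
// validation + binding) is the point.

// BEFORE: the untrusted msgid is concatenated straight into the SQL text, so a
// value such as "1 AND EXTRACTVALUE(...)" is executed as SQL, not treated as a number.
function lookupShoutVulnerable(mysqli $db, array $get): ?array
{
    $sql = "SELECT id, msg FROM shoutbox WHERE id = " . ($get['msgid'] ?? '');
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// AFTER: reject anything that is not a positive integer, then bind the value as
// a typed parameter so the database never interprets it as SQL.
function lookupShoutSafe(mysqli $db, array $get): ?array
{
    // Assumption: legitimate message ids are integers >= 1.
    $msgid = filter_var($get['msgid'] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($msgid === false) {
        http_response_code(400);
        return null;                       // invalid input is refused, never queried
    }

    $stmt = $db->prepare("SELECT id, msg FROM shoutbox WHERE id = ?");
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('i', $msgid);        // 'i' = integer parameter
    $stmt->execute();
    $stmt->bind_result($id, $msg);         // bind_result avoids a mysqlnd dependency
    $row = $stmt->fetch() ? ['id' => $id, 'msg' => $msg] : null;
    $stmt->close();
    return $row;
}

// Minimal wiring as it would sit in shoutedit.php; credentials are placeholders.
$db  = new mysqli('localhost', 'xbtit_app', 'secret', 'xbtit');
$row = lookupShoutSafe($db, $_GET);
if ($row === null) {
    exit('No such message.');
}
// Output encoding is unrelated to the injection but belongs in the same script.
echo htmlspecialchars($row['msg'], ENT_QUOTES, 'UTF-8');
```

With the hardened function in place, a request carrying msgid=1 AND EXTRACTVALUE(...) is answered with HTTP 400 before any query runs, and a request with a valid id still works unchanged.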

Web Application Firewall (WAF)

Platforms: all

Put the site behind a WAF with SQL injection rules (for example the OWASP Core Rule Set) and add a targeted rule for /shoutedit.php: inspect msgid after URL decoding, match EXTRACTVALUE and UNION SELECT case-insensitively, and block any msgid value that is not purely numeric. A blanket block on "SQL keywords" across the whole site produces false positives on ordinary shoutbox text and is easy to evade with encoding or case changes.

🧯 If You Can't Patch

  • Restrict access to shoutedit.php (IP allow-list at the web server or reverse proxy, or require an authenticated session before the script runs), or disable the script entirely if the shoutbox feature is not used.
  • Alert on and block requests to shoutedit.php whose msgid, after URL decoding, contains EXTRACTVALUE or UNION SELECT or any non-numeric characters.

🔍 How to Verify

Check if Vulnerable:

On a staging copy, send a request to /shoutedit.php with a msgid value that is not a valid integer and look for a MySQL syntax error in the response body or in the database error log; an unfiltered error confirms the value reaches the query unvalidated. Do not run the public PoC against production systems.

Check Version:

Check xbtitFM version in configuration files or admin panel.

Verify Fix Applied:

Repeat the same probe: a hardened shoutedit.php should reject the non-integer value (HTTP 400 or a generic error page) with no MySQL error text, and an EXTRACTVALUE payload should no longer return database content in the response.

📡 Detection & Monitoring

Log Indicators:

  • Requests to /shoutedit.php whose msgid value is not a plain integer, especially many such requests from one client in quick succession (automated extraction)
  • MySQL errors (error log or application log) containing "XPATH syntax error", which is what EXTRACTVALUE raises when abused for error-based extraction
  • HTTP 500 responses for /shoutedit.php

Network Indicators:

  • HTTP GET or POST requests to /shoutedit.php containing EXTRACTVALUE, possibly URL-encoded or mixed-case
  • Queries containing EXTRACTVALUE or UNION SELECT issued by the web application's database account (visible in the MySQL general or audit log)

SIEM Query:

source="web_logs" AND uri="/shoutedit.php" AND (msgid CONTAINS "EXTRACTVALUE" OR msgid CONTAINS "UNION SELECT")

Apply the match after URL decoding and case-insensitively (attackers encode or mix case to evade literal string matches), and add a second rule that fires on any msgid not matching ^[0-9]+$. Standard access logs do not record POST bodies, so a WAF or application-level log is needed to see msgid sent in a POST.
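The log-side check behind that query, as an added example (not part of the page's SIEM query and not xbtitFM code): a PHP script that reads Apache/nginx combined-format access log lines, URL-decodes the query string, and flags requests to /shoutedit.php whose msgid contains EXTRACTVALUE or UNION SELECT or is not a plain integer. It goes slightly beyond the page by also matching UPDATEXML, the sibling MySQL function used for the same error-based technique. The sample log lines are constructed for illustration and are not the published exploit.

```php
<?php
// Added example, not from the page or from xbtitFM. Usage: php detect.php [access.log]
// Without an argument it runs over the constructed sample lines below.

// Case-insensitive patterns for the functions/keywords named in the indicators
// (EXTRACTVALUE, UNION SELECT) plus UPDATEXML, which serves the same purpose.
const SQLI_RE = '/\b(extractvalue|updatexml|union\s+(?:all\s+)?select)\b/i';

// Returns null for benign lines, or an array describing why the line is suspicious.
function inspectLogLine(string $line): ?array
{
    // The quoted request field of the combined format: "METHOD /path?query HTTP/x.y"
    if (!preg_match('/"(GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    $url = parse_url($m[2]);
    if (($url['path'] ?? '') !== '/shoutedit.php') {
        return null;
    }
    parse_str($url['query'] ?? '', $params);      // parse_str URL-decodes the values
    if (!array_key_exists('msgid', $params)) {
        return null;
    }
    // msgid[]=... would arrive as an array; serialise it so it is still inspected.
    $msgid = is_string($params['msgid']) ? $params['msgid'] : json_encode($params['msgid']);

    $reasons = [];
    if (!ctype_digit($msgid)) {
        $reasons[] = 'msgid is not a plain integer';
    }
    if (preg_match(SQLI_RE, $msgid, $kw)) {
        $reasons[] = 'SQL injection keyword: ' . strtoupper($kw[1]);
    }
    if ($reasons === []) {
        return null;
    }
    return [
        'ip'      => strtok($line, ' '),            // first field is the client address
        'method'  => $m[1],
        'msgid'   => $msgid,
        'reasons' => $reasons,
    ];
}

// Constructed sample lines (not real traffic); the second is a generic
// EXTRACTVALUE-style value, not the published PoC.
$sample = [
    '203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /shoutedit.php?msgid=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2025:12:00:07 +0000] "GET /shoutedit.php?msgid=1%20AND%20extractvalue(1,concat(0x7e,version())) HTTP/1.1" 500 1042 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Mar/2025:12:00:09 +0000] "GET /shoutedit.php?msgid=1%27 HTTP/1.1" 500 980 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Mar/2025:12:00:11 +0000] "GET /index.php?page=browse HTTP/1.1" 200 3100 "-" "Mozilla/5.0"',
];

$lines = isset($argv[1]) ? file($argv[1], FILE_IGNORE_NEW_LINES) : $sample;
foreach ($lines as $line) {
    $hit = inspectLogLine($line);
    if ($hit !== null) {
        printf("ALERT %s %s msgid=%s (%s)\n",
               $hit['ip'], $hit['method'], $hit['msgid'], implode('; ', $hit['reasons']));
    }
}
```

On the sample input the first and last lines are silent; the second is reported with both reasons (non-integer and EXTRACTVALUE, despite the lower-case and URL-encoded form) and the third is reported as a non-integer msgid even though it contains no keyword, which is the case a keyword-only SIEM rule misses.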

🔗 References
