
Description

xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP requests.

PUBLISHED Reserved 2025-12-11 | Published 2025-12-11 | Updated 2025-12-16 | Assigner VulnCheck




HIGH: 8.7 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status: unaffected

4.1.18: affected

Credits

xbtitFM Team (finder)

References

www.exploit-db.com/exploits/51909 (ExploitDB-51909) exploit

xbtitfm.eu (Official Vendor Homepage) product

www.vulncheck.com/...thenticated-path-traversal-in-nfogenphp (VulnCheck Advisory: xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php) third-party-advisory

cve.org (CVE-2024-58312)

nvd.nist.gov (CVE-2024-58312)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.