CVE-2021-45821

A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
Configurations

Configuration 1

cpe:2.3:a:btiteam:xbtit:3.1:*:*:*:*:*:*:*

Information

Published : 2022-03-16 03:15

Updated : 2022-03-28 01:17


NVD link : CVE-2021-45821

Mitre link : CVE-2021-45821

Products Affected
No products.
CWE