← back
CVE-2024-58312

xbtitFM 4.1.18 Unauthenticated Path Traversal in nfogen.php

CVSS 8.7 HIGHEPSS 1.0%CWE-22
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.7EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Dec 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
xbtitFM 4.1.18 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal techniques to read critical system files like using encoded path traversal characters in HTTP requests.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
xbtitfm · xbtitFM