PT-2022-12421 · Xbtit · Xbtit

Published: 2022-03-16 · Updated: 2022-03-28 · CVE-2021-45821

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Xbtit version 3.1

Description: A blind SQL injection issue exists via the sid parameter in the "ajaxchat/getHistoryChatData.php" file, which is accessible to registered users. It allows malicious users to extract sensitive data, such as usernames and passwords, and potentially achieve remote code execution on the remote web server.

Recommendations: For Xbtit version 3.1, consider restricting access to the "ajaxchat/getHistoryChatData.php" file or disabling the sid parameter to minimize the risk of exploitation until a patch is available.
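As an added illustration of the hardening the recommendation calls for, the following PHP handler shows how a chat-history endpoint can treat sid as untrusted input: it requires a logged-in user, validates sid, and passes it to the database only as a bound parameter. This is example code written here, not Xbtit's own; it assumes sid is a numeric identifier, and the session layout, table and column names are assumptions.

```php
<?php
// Added example (not Xbtit's code): hardened handling of an untrusted "sid"
// parameter for a chat-history endpoint. Table/column names and the
// session layout are assumptions made for illustration.
declare(strict_types=1);

session_start();

// The endpoint is meant for registered users only, so deny anonymous access first.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Validate sid before it gets anywhere near SQL. The unsafe pattern this replaces
// is interpolating $_GET['sid'] directly into the query string.
$sid = filter_input(INPUT_GET, 'sid', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($sid === false || $sid === null) {
    http_response_code(400);
    exit('Invalid sid');
}

// Connect with exceptions enabled and emulated prepares off, so the database
// server performs the parameter binding itself.
$pdo = new PDO('mysql:host=localhost;dbname=xbtit_db;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Bound parameter: the value can never alter the query's structure, which
// closes the blind-injection channel the advisory describes.
$stmt = $pdo->prepare(
    'SELECT message_id, user_id, message, posted_at
       FROM chat_history
      WHERE session_id = :sid
      ORDER BY posted_at DESC
      LIMIT 100'
);
$stmt->execute([':sid' => $sid]);

header('Content-Type: application/json');
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```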

References: Exploit · Fix

Tags: SQL injection


Weakness Enumeration

Related Identifiers: CVE-2021-45821

Affected Products: Xbtit