CVE-2012-10062
published 2025-08-30CVE-2012-10062: A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute…
PriorityP266high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.21%
64.6th percentile
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache_friends | xampp | <= 1.7.3 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP PUT requests to /webdav/ paths, especially those uploading PHP files, as this is the primary attack vector for CVE-2012-10062. ↗
- →Monitor for a GET request to /webdav/ following a PUT request to the same path, which indicates the attacker is triggering execution of an uploaded PHP payload. ↗
- →Alert on use of default XAMPP WebDAV credentials in HTTP Basic Authentication headers combined with PUT requests, as exploitation relies on default credentials. ↗
- →Detect Metasploit exploit module activity for both multi/http/webdav_upload_php (cross-platform) and windows/http/xampp_webdav_upload_php targeting XAMPP WebDAV endpoints. ↗
- ·The vulnerability is specific to XAMPP version 1.7.3's DEFAULT WebDAV configuration. Installations with changed credentials or disabled WebDAV are not affected. ↗
- ·Exploitation requires both WebDAV and PHP execution to be enabled on the same endpoint; the Metasploit module targets this combined condition. ↗
- ·The updated Metasploit module (multi/http/webdav_upload_php) now includes Linux support and a check() method, broadening the scope beyond Windows-only XAMPP targets. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
Metasploit
WebDAV PHP Upload
metasploit
CVE-2012-10062 WebDAV PHP Upload
WebDAV PHP Upload
This module exploits WebDAV which also has PHP enabled, such as found on XAMPP servers. It can use do by using any supplied credentials to upload via WebDAV, a PHP payload and then execute it.
Metasploit
XAMPP WebDAV PHP Upload
metasploit
XAMPP WebDAV PHP Upload
XAMPP WebDAV PHP Upload
This module exploits weak WebDAV passwords on XAMPP servers. It uses supplied credentials to upload a PHP payload and execute it.
2025-08-30
Published