Apache Friends Xampp vulnerabilities
4 known vulnerabilities affecting apache_friends/xampp.
Total CVEs: 4
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2
Vulnerabilities
CVE-2012-10062 | P2 | HIGH | CVSS 8.7 | CWE-306 | PoC | ≤ 1.7.3 | 2025-08-30
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its exe
nvd
CVE-2008-3569 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | PoC | v1.6.7 | 2008-08-10
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php.
nvd
CVE-2024-5055 | P3 | HIGH | CVSS 7.5 | CWE-400 | v7.3.2 | 2024-05-17
Uncontrolled resource consumption vulnerability in XAMPP Windows, versions 7.3.2 and earlier. This vulnerability exists when XAMPP attempts to process many incomplete HTTP requests, resulting in resource consumption and system crashes.
nvd
CVE-2008-4450 | P4 | MEDIUM | CVSS 4.3 | CWE-79 | v1.6.8 | 2008-10-06
Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd