13 matches found
CVE-2020-11107
CVE-2020-11107 affects XAMPP on Windows prior to 7.2.29, 7.3.x prior to 7.3.16, and 7.4.x prior to 7.4.4. An unprivileged user can modify the xampp-control.ini configuration file to enable arbitrary command execution for all users (including admins). The root cause relates to insecure permission/...
CVE-2019-8920
CVE-2019-8920 is described as an XSS in iart.php of XAMPP 1.7.0, related to CVE-2008-3569. Connected documents show CVE-2008-3569 detailing XSS vulnerabilities in XAMPP 1.6.7 via iart.php and ming.php, indicating a pattern of reflected/script injection in iart.php across XAMPP versions. The provi...
CVE-2024-0338
CVE-2024-0338 describes a buffer overflow in XAMPP up to version 8.2.4, where an attacker could execute arbitrary code via a long file debug argument that controls the Structured Exception Handler (SEH). Affected product: XAMPP (≤ 8.2.4); root cause: SEH-related overflow in the debug argument han...
CVE-2022-29376
CVE-2022-29376 concerns Xampp for Windows, affected in version 8.1.4 and below. The root issue is insecure permissions on the install directory, which could let an attacker overwrite binaries and execute arbitrary code. The NVD entry notes high-severity impact (CVSSv3.1: 8.8, network attack, no u...
CVE-2019-8923
CVE-2019-8923 affects XAMPP 5.6.8 and earlier. The vulnerability is a SQL injection in the cds-fpdf.php jahr parameter, allowing remote input-based database querying due to insufficient input validation. Impact is listed as high to critical in sources (NVD CVSS 2.0/3.0), with potential for unauth...
CVE-2019-8924
CVE-2019-8924 affects XAMPP for Windows up to version 5.6.8, with a Cross‑Site Scripting (XSS) vulnerability in the cds-fpdf.php script. The vulnerability is triggered via the interpret or titel parameters, allowing script injection in affected deployments. The associated documents consistently n...
CVE-2017-20018
CVE-2017-20018 affects XAMPP 7.1.1-0-VC14, with the vulnerability in the Installer component involving an unknown function. The manipulation can lead to privilege escalation, and remote exploitation is possible. The connected documents do not provide concrete patch/version remediation details; ex...
CVE-2009-0919
The CVE-2009-0919 entry describes insecure default credentials in XAMPP bundles, enabling remote access through (1) lampp/default password for the nobody account in ProFTPD, (2) a blank root password in the included MySQL installation, and (3) a blank pma password in phpMyAdmin, among potentially...
CVE-2013-2586
CVE-2013-2586 affects XAMPP 1.8.1. The /xampp/lang.php page fails to restrict access, letting an unauthenticated user write to lang.tmp on local disk and trigger XSS via WriteIntoLocalDisk. Multiple sources (NVD/OpenVAS/Exploit-DB/Seebug) corroborate remote write access and local file modificatio...
CVE-2022-47637
CVE-2022-47637 affects the XAMPP Windows installer up to and including version 8.1.12. The installer allows local users to write to the C:\xampp directory, enabling potential execution of files under C:\xampp with administrative privileges. The Red Hat/PRION/PT-security entries corroborate the sa...
CVE-2008-6498
XAMPP 1.6.8 is affected by a CSRF vulnerability in security/xamppsecurity.php that lets an attacker hijack the user’s authenticated session to change the .htaccess password via the xampppasswd parameter. This vulnerability is identified as CVE-2008-6498. Public references in the provided document...
CVE-2008-6499
CVE-2008-6499 affects XAMPP 1.6.8, where security/xamppsecurity.php performs an extract operation on the SERVER superglobal. This allows remote attackers to spoof critical variables, demonstrated by altering REMOTE_ADDR to 127.0.0.1. The root cause is improper handling of server variables during ...
CVE-2006-4994
The CVE-2006-4994 issue affects Apache Friends XAMPP 1.5.2 and is caused by unquoted Windows search paths in the launcher/executables. When a malicious program is placed under %SYSTEMDRIVE% and an executable (FileZillaServer.exe, mysqld-nt.exe, Perl.exe, or xamppcontrol.exe) is invoked with an un...