Vulmon
apachefriends xampp vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-0338
A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and previous versions. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).
Apachefriends Xampp
6.7
CVSSv3
CVE-2022-47637
The installer in XAMPP up to and including 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges.
Apachefriends Xampp
7.8
CVSSv3
CVE-2017-20018
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.
Apachefriends Xampp 7.1.1-0-vc14
8.8
CVSSv3
CVE-2022-29376
XAMPP for Windows v8.1.4 and below contains insecure permissions for its install directory, allowing malicious users to execute arbitrary code by overwriting binaries located in the directory.
Apachefriends Xampp
8.8
CVSSv3
CVE-2020-11107
An issue exists in XAMPP prior to 7.2.29, 7.3.x prior to 7.3.16, and 7.4.x prior to 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution.
Apachefriends Xampp
2 GitHub repositories
6.1
CVSSv3
CVE-2019-8920
iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569.
Apachefriends Xampp 1.7.0
6.1
CVSSv3
CVE-2019-8924
XAMPP up to and including 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
Apachefriends Xampp
1 EDB exploit
9.8
CVSSv3
CVE-2019-8923
XAMPP up to and including 5.6.8 allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
Apachefriends Xampp
1 EDB exploit
NA
CVE-2013-2586
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote malicious users to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
Apachefriends Xampp 1.8.1
1 EDB exploit
NA
CVE-2008-6498
Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote malicious users to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.
Apachefriends Xampp 1.6.8
2 EDB exploits