Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xampp
(Apachefriends)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-02 | CVE-2024-0338 | A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). | Xampp | 9.8 | ||
| 2006-09-26 | CVE-2006-4994 | Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. | Xampp | N/A | ||
| 2023-09-12 | CVE-2022-47637 | The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. | Xampp | 6.7 | ||
| 2022-06-09 | CVE-2017-20018 | A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. | Xampp | 7.8 | ||
| 2022-05-23 | CVE-2022-29376 | Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | Xampp | 8.8 | ||
| 2020-04-02 | CVE-2020-11107 | An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution. | Xampp | 8.8 | ||
| 2019-07-09 | CVE-2019-8920 | iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. | Xampp | 6.1 | ||
| 2019-05-17 | CVE-2019-8924 | XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. | Xampp | 6.1 | ||
| 2019-05-14 | CVE-2019-8923 | XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | Xampp | 9.8 | ||
| 2014-09-29 | CVE-2013-2586 | XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method. | Xampp | N/A |