Skip to main content

Xampp

7 CVEs product

Monthly

CVE-2024-0338 CRITICAL Act Now

A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Xampp
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-29376 HIGH POC This Week

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Microsoft Xampp
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2020-11107 HIGH POC THREAT This Week

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Xampp
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
22.5%
CVE-2019-8920 MEDIUM POC This Month

iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xampp
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8924 MEDIUM POC This Month

XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xampp
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
5.7%
CVE-2019-8923 CRITICAL POC Act Now

XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Xampp
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
3.9%
CVE-2013-2586 MEDIUM POC THREAT This Month

XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.6%.

XSS PHP Xampp
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
14.6%
EPSS 0% CVSS 9.8
CRITICAL Act Now

A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Xampp
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Microsoft +1
NVD GitHub
EPSS 22% CVSS 8.8
HIGH POC THREAT This Week

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Xampp
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xampp
NVD
EPSS 6% CVSS 6.1
MEDIUM POC This Month

XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Xampp
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Xampp
NVD Exploit-DB
EPSS 15% CVSS 4.3
MEDIUM POC THREAT This Month

XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 14.6%.

XSS PHP Xampp
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy