XAMPP Multiple Cross-Site Request Forgery Vulnerability

Summary
The host has XAMPP installed and is prone to multiple cross-site request forgery vulnerabilities.
Impact
Successful exploitation lets an attacker execute crafted malicious queries through the vulnerable parameters or change admin authentication data via crafted CSRF queries.
Impact Level: Application/Network
Solution
Upgrade to XAMPP version 1.7.3 or later. For updates, refer to http://www.apachefriends.org/en/xampp.htm
Insight
Multiple flaws are due to:
- Lack of input validation for user-supplied data provided to 'security/xamppsecurity.php', which allows the admin password to be changed through a CSRF attack.
- Input passed to certain parameters, such as 'dbserver', 'host', 'password', 'database' and 'table', is not properly sanitised before being returned to a user.
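
For sites that maintain their own admin pages, both flaw classes described above map to two server-side checks: a per-session anti-CSRF token on state-changing requests, and output encoding of reflected parameters. The handler below is an added illustration, not XAMPP's code or the vendor's fix; the form layout, the 'csrf_token' and 'new_password' field names and the change_admin_password() helper are hypothetical, and only the five parameter names come from this advisory.

```php
<?php
// Hypothetical admin form handler (not XAMPP source) showing both mitigations.
session_start();

// One unpredictable token per session, embedded in every form we render.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
// Non-string input (e.g. csrf_token[]=x) is rejected rather than compared.
function csrf_valid($submitted): bool {
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Encode a request value for an HTML context before it is echoed back.
function h($value): string {
    $value = is_string($value) ? $value : '';
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // Reached only by requests that carry the token from our own form.
    // change_admin_password($_POST['new_password'] ?? '');  // hypothetical helper
}

// Parameter names listed in the advisory; values are encoded on output.
$fields = ['dbserver', 'host', 'password', 'database', 'table'];
?>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
<?php foreach ($fields as $name): ?>
  <input name="<?= h($name) ?>" value="<?= h($_POST[$name] ?? '') ?>">
<?php endforeach; ?>
  <button type="submit">Save</button>
</form>
```
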
Affected
XAMPP version 1.6.8 or prior on all platforms.