XAMPP Multiple Vulnerabilities June 2009 Network Vulnerability

Summary

XAMPP is prone to multiple vulnerabilities. 1. showcode.php Local File Include Vulnerability An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may aid in further attacks. 2. Multiple Cross Site Scripting Vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 3. Multiple SQL Injection Vulnerabilities Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. These issues affect XAMPP 1.6.8 and prior other versions may be affected as well.

References

http://websecurity.com.ua/3220/
http://websecurity.com.ua/3230/
http://websecurity.com.ua/3257/
http://www.apachefriends.org/en/xampp.html
http://www.securityfocus.com/bid/37997
http://www.securityfocus.com/bid/37998
http://www.securityfocus.com/bid/37999

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaXplorer zoho plugin Directory Traversal Vulnerability
AVTECH DVR Multiple Vulnerabilities
ASP-Dev XM Event Diary Multiple Vulnerabilities
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
Advantech WebAccess Multiple Vulnerabilities

Take action and discover your vulnerabilities