PT-2020-12553 · Apache Friends · Xampp
Maximilian Barz · Published 2020-04-02 · Updated 2021-10-18 · CVE-2020-11107
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
XAMPP versions prior to 7.2.29
XAMPP versions 7.3.x prior to 7.3.16
XAMPP versions 7.4.x prior to 7.4.4
Description
An issue was discovered in XAMPP on Windows that allows an unprivileged user to change a .exe configuration in xampp-control.ini for all users, including admins, enabling arbitrary command execution.
Recommendations
For XAMPP versions prior to 7.2.29, update to version 7.2.29 or later.
For XAMPP versions 7.3.x prior to 7.3.16, update to version 7.3.16 or later.
For XAMPP versions 7.4.x prior to 7.4.4, update to version 7.4.4 or later.
As a temporary workaround, consider restricting access to the xampp-control.ini file to prevent unprivileged users from modifying the .exe configuration.
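To check whether the workaround is in place, the ACL on the configuration file and its parent directory can be audited for write-capable entries held by non-administrative principals. This is an added example, not code from the advisory or from Apache Friends; it assumes the default install directory `C:\xampp`, and the function name `Get-UntrustedWriters` is hypothetical.

```powershell
# Added example: list principals other than SYSTEM/Administrators that can
# modify the XAMPP control panel configuration or replace it via the folder.
# Assumption: default install directory C:\xampp; pass -Path for other layouts.
param([string]$Path = 'C:\xampp\xampp-control.ini')

# Well-known SIDs that are expected to hold write access.
$trusted = @('S-1-5-18',       # NT AUTHORITY\SYSTEM
             'S-1-5-32-544')   # BUILTIN\Administrators

# Rights that allow changing or replacing the file. Includes the
# delete-child bit (relevant on the directory) and GENERIC_WRITE / GENERIC_ALL.
$rights    = 'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ' +
             'ChangePermissions, TakeOwnership'
$writeMask = [int][System.Security.AccessControl.FileSystemRights]$rights
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-UntrustedWriters {
    param([string]$Target)
    $acl     = Get-Acl -LiteralPath $Target
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only ACEs do not apply to the object being inspected.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        # Resolve the SID to an account name when possible.
        try   { $name = $ace.IdentityReference.Translate(
                    [System.Security.Principal.NTAccount]).Value }
        catch { $name = '(unresolved)' }
        [pscustomobject]@{
            Target    = $Target
            Account   = $name
            Sid       = $sid
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

$findings = @(Get-UntrustedWriters $Path) +
            @(Get-UntrustedWriters (Split-Path -Parent $Path))
if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
'No write-capable ACEs for non-administrative principals.'
```

A non-zero exit code means at least one standard account or group can still alter the file or swap it out through the directory. Inherited entries have to be corrected on the folder they come from, or inheritance disabled on the file.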
Exploit
Fix
Incorrect Permission
Affected Products
Xampp