PT-2023-15447 · Apache Friends · Xampp
Published: 2023-09-12 · Updated: 2023-09-15 · CVE-2022-47637
CVSS v3.1: 6.7 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
XAMPP versions 8.1.12 and earlier
Description
The issue allows local users to write to the C:\xampp directory. In common use cases, files under C:\xampp are executed with administrative privileges.
Recommendations
For XAMPP versions 8.1.12 and earlier, consider restricting write access to the C:\xampp directory to prevent local users from modifying its contents until a patch is available. As a temporary workaround, avoid executing files under C:\xampp with administrative privileges to minimize the risk of exploitation.
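To see which accounts the first recommendation applies to, the following added example (not part of the advisory or of XAMPP) lists every allow entry in the ACLs under the install directory that grants write-type rights to a principal outside a small trusted set. The default path C:\xampp, the function name Get-WritableAce and the choice of trusted SIDs are assumptions to adapt to the host.

```powershell
# Added example: audit write-capable ACL entries under the XAMPP tree.
param([string]$Path = 'C:\xampp')   # assumption: default install location

# Principals expected to hold write access (assumed baseline, matched by SID
# so the check does not depend on the Windows display language).
$trusted = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# File-system rights that allow creating, changing or replacing content.
$writeBits   = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only entries can carry raw generic rights instead of named ones.
$genericBits = 0x50000000           # GENERIC_WRITE | GENERIC_ALL

function Get-WritableAce {
    param([string]$Target)
    $acl = Get-Acl -LiteralPath $Target
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $_.IdentityReference.Value -and
            (([int]$_.FileSystemRights) -band ($writeBits -bor $genericBits))
        } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $Target
                Sid       = $_.IdentityReference.Value
                # Resolve the SID to a name where possible, for readability only.
                Account   = $(try { $_.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                              catch { '(unresolved)' })
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
}

# Check the root folder and every subdirectory beneath it.
$targets  = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)
$findings = $targets | ForEach-Object { Get-WritableAce -Target $_.FullName }
$findings | Sort-Object Path, Sid | Format-Table -AutoSize
```

Entries reported with Inherited set to True come from the parent folder's ACL, so restricting them means changing inheritance on the directory rather than deleting the entry in place.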
Exploit
Fix
Improper Preservation of Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Xampp