Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
References
| Link | Resource |
|---|---|
| https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
07 Jun 2022, 03:01
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md - Exploit, Third Party Advisory | |
| First Time |
Microsoft
Microsoft windows Apachefriends xampp Apachefriends |
|
| CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:apachefriends:xampp:*:*:*:*:*:*:*:* |
|
| CWE | CWE-276 | |
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
23 May 2022, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-05-23 21:16
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29376
Mitre link : CVE-2022-29376
CVE.ORG link : CVE-2022-29376
JSON object : View
Products Affected
apachefriends
- xampp
microsoft
- windows
CWE
CWE-276
Incorrect Default Permissions