Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
References
Link | Resource |
---|---|
https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Jun 2022, 03:01
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md - Exploit, Third Party Advisory | |
First Time |
Microsoft
Microsoft windows Apachefriends xampp Apachefriends |
|
CPE | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* cpe:2.3:a:apachefriends:xampp:*:*:*:*:*:*:*:* |
|
CWE | CWE-276 | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
23 May 2022, 21:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-23 21:16
Updated : 2023-12-10 14:22
NVD link : CVE-2022-29376
Mitre link : CVE-2022-29376
CVE.ORG link : CVE-2022-29376
JSON object : View
Products Affected
apachefriends
- xampp
microsoft
- windows
CWE
CWE-276
Incorrect Default Permissions