CPE Details
Apache Friends XAMPP 1.5.2
1.5.2
2020-05-06
11h56 +00:00
11h56 +00:00
2020-05-06
11h56 +00:00
11h56 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:apachefriends:xampp:1.5.2:*:*:*:*:*:*:*
Informations
Vendor
apachefriendsProduct
xamppVersion
1.5.2Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH). | 9.8 |
Critique |
||
| The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. | 6.7 |
Moyen |
||
| Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | 8.8 |
Haute |
||
| An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution. | 8.8 |
Haute |
||
| XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued. | 6.1 |
Moyen |
||
| XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued. | 9.8 |
Critique |
||
| Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. | 4.6 |
2025©
tesweb SA
