The default WebDAV configuration of XAMPP version 1.7.3, developed by Apache Friends, allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 02 Sep 2025 21:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 31 Aug 2025 08:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apache Friends; Apache Friends xampp

Type: Vendors & Products
Values Removed: (none)
Values Added: Apache Friends; Apache Friends xampp

Sat, 30 Aug 2025 14:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.

Type: Title
Values Removed: (none)
Values Added: XAMPP WebDAV PHP Upload Authentication Bypass RCE

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-306; CWE-434

Type: References
Values Removed: (none)
Values Added:

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-09-02T20:37:26.489Z

Reserved: 2025-08-28T18:58:41.548Z

Link: CVE-2012-10062

Vulnrichment

Updated: 2025-09-02T20:37:22.678Z

NVD

Status: Awaiting Analysis

Published: 2025-08-30T14:15:40.230

Modified: 2025-09-02T15:55:25.420

Link: CVE-2012-10062

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-08-31T08:41:31Z