Description
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.
CVSS breakdown
CVSS 4.0
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
Confidentiality (Vulnerable System)
High
Integrity (Vulnerable System)
High
Availability (Vulnerable System)
High
Confidentiality (Subsequent System)
None
Integrity (Subsequent System)
None
Availability (Subsequent System)
None
Affected products
- Apache Friends / XAMPP0 – 1.7.3
References
- EXPLOIThttps://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/xampp_webdav_upload_php.rb
- EXPLOIThttps://www.exploit-db.com/exploits/18367
- MISChttps://www.apachefriends.org/index.html
- VENDOR_ADVISORYhttps://www.vulncheck.com/advisories/xampp-webdav-php-upload-auth-bypass-rce