CVE-2012-10062

Vulnerability Description

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.

Related Weaknesses (CWE)

References

• https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
• https://www.apachefriends.org/index.html
• https://www.exploit-db.com/exploits/18367
• https://www.vulncheck.com/advisories/xampp-webdav-php-upload-auth-bypass-rce

FAQ

What is CVE-2012-10062?

CVE-2012-10062 is a documented vulnerability. A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, ...

How severe is CVE-2012-10062?

CVSS scoring is not yet available for CVE-2012-10062. Check NVD for updates.

Is there a patch for CVE-2012-10062?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.