Vulnerability Description
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apachefriends | Xampp | < 7.2.29 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.htmExploitThird Party AdvisoryVDB Entry
- https://www.apachefriends.org/blog/new_xampp_20200401.htmlVendor Advisory
- http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.htmExploitThird Party AdvisoryVDB Entry
- https://www.apachefriends.org/blog/new_xampp_20200401.htmlVendor Advisory
FAQ
What is CVE-2020-11107?
CVE-2020-11107 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (includi...
How severe is CVE-2020-11107?
CVE-2020-11107 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11107?
Check the references section above for vendor advisories and patch information. Affected products include: Apachefriends Xampp, Microsoft Windows.