CVE-2007-2079

CVE-2007-2079 is a critical-severity vulnerability in Xampp Apache Distribution with a CVSS 2.0 base score of 9.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.

Frequently asked questions

What is CVE-2007-2079?
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.
How severe is CVE-2007-2079?
CVE-2007-2079 has a CVSS 2.0 base score of 9.3, rated critical severity.
Is CVE-2007-2079 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 10% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2007-2079?
CVE-2007-2079 affects Xampp Apache Distribution. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2007-2079?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
When was CVE-2007-2079 published?
CVE-2007-2079 was published on 2007-04-18 and last updated on 2026-06-16.

References

Affected products (1)

More vulnerabilities in Xampp Apache Distribution

All CVEs affecting Xampp Apache Distribution →