Every CVE whose affected-product data names Apachefriends Xampp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2019-8923 — CVSS 9.8 (critical): XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
CVE-2022-29376 — CVSS 8.8 (high): Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute…
CVE-2020-11107 — CVSS 8.8 (high): An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a…
CVE-2009-0919 — CVSS 7.5 (high): XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the…
CVE-2024-0338 — CVSS 7.3 (high): A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code…
CVE-2008-6498 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the…
CVE-2022-47637 — CVSS 6.7 (medium): The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp…
CVE-2017-20018 — CVSS 6.3 (medium): A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component…
CVE-2019-8924 — CVSS 6.1 (medium): XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
CVE-2008-6499 — CVSS 5.5 (medium): security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to…
CVE-2006-4994 — CVSS 4.6 (medium): Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a…
CVE-2013-2586 — CVSS 4.3 (medium): XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute…