Summary
The host is installed with XAMPP and is prone to multiple cross-site request forgery vulnerabilities.
Impact
Successful exploitation lets an attacker execute crafted malicious queries through the vulnerable parameters or change the admin authentication data via crafted CSRF requests.
Impact Level: Application/Network
Solution
Upgrade to XAMPP version 1.7.3 or later.
For updates refer to http://www.apachefriends.org/en/xampp.htm
Insight
Multiple flaws are due to:
- Lack of input validation for the user-supplied data passed to 'security/xamppsecurity.php', which allows the admin password to be changed through a CSRF attack.
- Input passed to certain parameters such as 'dbserver', 'host', 'password', 'database' and 'table' is not properly sanitised before being returned to the user.
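As an added illustration (not XAMPP's own code), a hypothetical PHP handler for an admin password-change form that addresses both flaw classes above: it binds a random per-session CSRF token to the form and rejects state-changing requests without it, and it escapes the reflected parameters before echoing them. The helper names `csrf_token`, `csrf_check` and `h` are assumptions for this example.

```php
<?php
// Added example, not XAMPP's code. Hypothetical hardened handler for an
// admin password-change form, covering the two flaw classes above.
session_start();

// 1. CSRF: issue a random per-session token and embed it in the form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject any state-changing request whose token does not match the session
// (hash_equals avoids a timing side channel on the comparison).
function csrf_check(array $post): bool {
    return isset($post['csrf_token'], $_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $post['csrf_token']);
}

// 2. Reflected output: never echo user input raw; escape for HTML context.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Only POST may change state; GET merely renders the form.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Token verified: the real password update would happen here.
    // Any user-controlled value that is reflected goes through h().
    echo 'Password updated for host ' . h($_POST['host'] ?? '')
       . ', database ' . h($_POST['database'] ?? '') . '.';
    exit;
}
?>
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
  <input type="text" name="host" placeholder="host">
  <input type="text" name="database" placeholder="database">
  <input type="password" name="password" placeholder="new password">
  <button type="submit">Change password</button>
</form>
```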
Affected
XAMPP version 1.6.8 or prior on all platforms.
Updated on 2017-03-28
Severity
CVSS Base Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Classification
CVE: CVE-2008-6498, CVE-2008-6499