CVE-2008-6499

Published: Mar 20, 2009Modified: Apr 23, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.

Affected (1)

Products: Apachefriends: Xampp

Apachefriends

1 product

Xampp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apachefriends Xampp	Version 1.6.8

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

https://exchange.xforce.ibmcloud.com/vulnerabilities/47202

Source: cve@mitre.org

https://www.exploit-db.com/exploits/7384

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/47202

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/7384

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.