CVE-2017-20018

Published: Jun 9, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.

Affected (1)

Products: Apachefriends: Xampp

Apachefriends

1 product

Xampp

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apachefriends Xampp	Version 7.1.1-0-vc14

Related CWEs

CWE-427

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

References (4)

https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt

Source: cna@vuldb.com

ExploitMitigationThird Party AdvisoryVDB Entry

https://vuldb.com/?id.100950

Source: cna@vuldb.com

Third Party Advisory

https://packetstormsecurity.com/files/142406/xampp-dllhijack.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMitigationThird Party AdvisoryVDB Entry

https://vuldb.com/?id.100950

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.