CVE-2022-29376

Published: May 23, 2022Modified: Aug 15, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.

Affected (1)

Products: Apachefriends: Xampp

Apachefriends

1 product

Xampp

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apachefriends Xampp	Up to 8.1.4

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (3)

https://github.com/ycdxsb/Vuln/blob/main/CVE-2022-29376/CVE-2022-29376.md

Source: cve@mitre.org

https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/ycdxsb/Vuln/blob/main/Xampp-Install-Dir-Incorrect-Default-Permission/Xampp-Install-Dir-Incorrect-Default-Permission.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.