CVE-2022-47637

Published: Sep 12, 2023Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges.

Affected (1)

Products: Apachefriends: Xampp

Apachefriends

1 product

Xampp

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apachefriends Xampp	Up to 8.1.12

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf

Source: cve@mitre.org

ExploitVendor Advisory

https://shinnai.altervista.org/exploits/DVRT-2023-0001_CVE-2022-47637.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.