CVE-2012-10062 in XAMPP
Summary
by MITRE • 08/30/2025
A vulnerability in the default WebDAV configuration of XAMPP version 1.7.3, developed by Apache Friends, allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.
Analysis
by VulDB Data Team • 08/30/2025
The vulnerability identified as CVE-2012-10062 represents a critical security flaw in XAMPP version 1.7.3 that exposes systems to remote code execution through improper WebDAV service configuration. This issue stems from the default installation's lack of proper access controls and authentication mechanisms within the WebDAV component, which is designed to facilitate web-based file management and collaboration. The vulnerability specifically affects systems where XAMPP is installed with its default settings, making it particularly dangerous as many users deploy these configurations without implementing additional security measures.
The technical exploitation of this vulnerability occurs through the WebDAV service's acceptance of HTTP PUT requests, which allows authenticated users to upload files to the server. The default credentials provided in the vulnerable XAMPP installation create a persistent attack vector that does not require specialized knowledge or complex exploitation techniques. When an attacker successfully authenticates using the default credentials and uploads a PHP payload through the PUT method, they can subsequently execute arbitrary code by making a GET request to the uploaded file. This process directly violates fundamental security principles of least privilege and proper access control, as the default configuration provides unrestricted file upload capabilities to authenticated users.
The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with complete control over the affected server environment. Remote code execution capabilities enable attackers to install backdoors, exfiltrate sensitive data, modify system configurations, and potentially use the compromised server as a launch point for further attacks within the network. The vulnerability's persistence is particularly concerning because it affects systems running the default XAMPP installation, which is commonly used in development environments and may not receive regular security updates from administrators. This creates a significant risk for organizations that deploy XAMPP without proper security hardening, as the default configuration leaves the system vulnerable to exploitation.
Security mitigations for this vulnerability must address both the immediate configuration issues and broader system hardening practices. Organizations should immediately disable or properly configure the WebDAV service, implement strong authentication mechanisms, and restrict access to the /webdav/ endpoint through firewall rules or access control lists. The remediation process involves changing default credentials, implementing proper authorization controls, and ensuring that file upload capabilities are restricted to authorized users with specific permissions. Additionally, regular security audits and penetration testing should be conducted to identify similar misconfigurations in other services. This vulnerability aligns with CWE-284 (Improper Access Control) and is a classic example of how default configurations can create security risks. It is often categorized under ATT&CK techniques T1190 (Exploit Public-Facing Application) and, for the execution phase of the attack lifecycle, T1059 (Command and Scripting Interpreter).
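For auditing a host that ran the default configuration, the PUT-then-GET sequence described above can be looked for in the web server's access log. The following Python script is an added example, not part of the advisory or of XAMPP; the log lines, IP addresses and user name are constructed, and the script extensions checked and the 24-hour window are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Fields needed from Apache common/combined log format lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml)$")  # assumed executable extensions

# Constructed sample lines (documentation IP ranges, hypothetical user name).
SAMPLE_LOG = [
    '198.51.100.7 - davuser [30/Aug/2025:10:00:01 +0000] "PUT /webdav/notes.txt HTTP/1.1" 201 -',
    '198.51.100.7 - davuser [30/Aug/2025:10:00:05 +0000] "PUT /webdav/upload1.php HTTP/1.1" 201 -',
    '192.0.2.10 - - [30/Aug/2025:10:00:06 +0000] "GET /webdav/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Aug/2025:10:00:09 +0000] "GET /webdav/upload1.php HTTP/1.1" 200 0',
    '198.51.100.9 - davuser [30/Aug/2025:10:05:00 +0000] "PUT /webdav/blocked.php HTTP/1.1" 403 199',
    '198.51.100.9 - - [30/Aug/2025:10:05:02 +0000] "GET /webdav/blocked.php HTTP/1.1" 404 199',
]

def find_put_then_get(lines, prefix="/webdav/", window=timedelta(hours=24)):
    """Flag scripts uploaded by a successful PUT under `prefix` and then
    fetched by a successful GET within `window`."""
    uploads, hits = {}, []  # uploads: path -> (ip, user, time) of last PUT
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        # Normalise: drop query string, decode %xx, fold case (Windows hosts).
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if not path.startswith(prefix) or not SCRIPT_EXT.search(path):
            continue
        if not m["status"].startswith("2"):
            continue  # rejected upload or failed fetch
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["method"] == "PUT":
            uploads[path] = (m["ip"], m["user"], ts)
        elif m["method"] == "GET" and path in uploads:
            ip, user, put_ts = uploads[path]
            if ts - put_ts <= window:
                hits.append({"path": path, "uploader": ip, "user": user,
                             "fetcher": m["ip"], "delay": ts - put_ts})
    return hits

if __name__ == "__main__":
    for hit in find_put_then_get(SAMPLE_LOG):
        print(hit)
```

A hit means a script was written through WebDAV and then served successfully; the `user` field shows which account authenticated the upload, which is where a default credential would appear.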
The broader implications of this vulnerability highlight the importance of security by design principles in software development and deployment practices. Many organizations deploy software with default configurations without considering the security implications of these settings, creating persistent attack vectors that can be exploited by threat actors with minimal effort. This vulnerability demonstrates how seemingly minor configuration issues can result in catastrophic security breaches, emphasizing the need for comprehensive security awareness training and automated security scanning tools. The incident also underscores the critical importance of regular security updates and patch management, as newer versions of XAMPP would not contain this vulnerability, making timely upgrades essential for maintaining system security.