CVE-2012-10062

high

Apache

CVSS v3 Base Score

8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

58.0%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Published: August 30, 2025 (258 days ago)

Last Modified: May 15, 2026

Vendor: Apache

Source: MITRE

Description

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.

CWE

CWE-434

Affected Products

Apache Friends XAMPP

References

🔗 raw.githubusercontent.com 🔗 www.exploit-db.com 🔗 www.apachefriends.org 🔗 www.vulncheck.com

CVE-2012-10062

Vulnerability Report

Description

CWE

Affected Products

References