
[Vulnerability notice] File upload vulnerability in WEBDAV in XAMPP

Last Updated: Nov 27, 2017

Description

XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends. XAMPP stands for Cross-Platform (X), Apache (A), MariaDB (M), PHP (P) and Perl (P). It is a simple, lightweight Apache distribution that makes it easy for developers to create a local web server for testing and deployment purposes.

XAMPP enables the WEBDAV feature by default. An attacker can use the default account and password (wampp, xampp) to upload malicious files directly to the server and then use those files to break into it further.

Fix

Open the XAMPP configuration file httpd-dav.conf to modify the permissions or disable WEBDAV.
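One way to check whether the fix is still needed, as an added example that is not part of the original notice or of XAMPP: it lists the configuration blocks that turn WebDAV on and tests whether the user file still holds the default account. It assumes Digest authentication with an htdigest-format user file; the function names, paths and realm in the sample are constructed for illustration.

```python
import hashlib
import re

DEFAULT_USER, DEFAULT_PASSWORD = "wampp", "xampp"  # default account named in the notice

def dav_blocks(conf_text):
    """Return one dict of directives per <Directory>/<Location> block with 'Dav On'."""
    blocks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<(Directory|Location)\s+"?([^">]+)"?\s*>', line, re.I)
        if opened:
            current = {"path": opened.group(2)}
        elif re.match(r"</(Directory|Location)>", line, re.I):
            if current and current.get("dav", "").lower() == "on":
                blocks.append(current)
            current = None
        elif current is not None:
            name, _, value = line.partition(" ")
            current[name.lower()] = value.strip().strip('"')
    return blocks

def has_default_account(htdigest_text, realm):
    """True if the htdigest file holds the default user with the default password."""
    expected = hashlib.md5(
        f"{DEFAULT_USER}:{realm}:{DEFAULT_PASSWORD}".encode()).hexdigest()
    entries = (e.strip().split(":") for e in htdigest_text.splitlines())
    return any(e == [DEFAULT_USER, realm, expected] for e in entries)

# Constructed sample input (assumption: not copied from a real installation).
SAMPLE_CONF = '''
<Directory "/srv/example/webdav">
    Dav On
    AuthType Digest
    AuthName "Example DAV realm"
    AuthUserFile "/srv/example/webdav.htpasswd"
</Directory>
<Directory "/srv/example/htdocs">
    Require all granted
</Directory>
'''
SAMPLE_USERS = "wampp:Example DAV realm:" + hashlib.md5(
    b"wampp:Example DAV realm:xampp").hexdigest()

if __name__ == "__main__":
    for b in dav_blocks(SAMPLE_CONF):
        weak = has_default_account(SAMPLE_USERS, b.get("authname", ""))
        print(b["path"], "WebDAV enabled; default account present:", weak)
```

To audit a real installation, pass in the contents of httpd-dav.conf and of the file named by its AuthUserFile directive; any block reported with the default account present should have its credentials changed or WebDAV disabled.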
