
[Vulnerability notice] File upload vulnerability in WEBDAV in XAMPP

Last Updated: Nov 27, 2017


XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends. XAMPP stands for Cross-Platform (X), Apache (A), MariaDB (M), PHP (P) and Perl (P). It is a simple, lightweight Apache distribution that makes it easy for developers to create a local web server for testing and deployment purposes.

XAMPP enables the WEBDAV feature by default. Attackers can log in with the default account and password (wampp, xampp) and upload malicious files directly to the server, which they can then use to compromise it further.


Open the XAMPP configuration file httpd-dav.conf to modify the permissions or disable WEBDAV.
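
An added audit sketch for the remediation step above (not part of the original notice or of XAMPP): it reports where the `Dav` directive is still active in a configuration file and whether a password file still holds the default wampp/xampp pair. It assumes the WebDAV password file is in htdigest format (Digest authentication); the paths, realms and file contents are constructed for the example.

```python
import hashlib
import re
DEFAULT_USER, DEFAULT_PASSWORD = "wampp", "xampp"  # default account from the notice

def ha1(user, realm, password):
    """htdigest stores MD5("user:realm:password") as lowercase hex."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

def dav_enabled_blocks(conf_text):
    """Return the config containers in which the Dav directive is active."""
    enabled, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives do not count
        if line.startswith("</"):
            stack = stack[:-1]  # leave the current container (safe when empty)
        elif line.startswith("<"):
            stack.append(line)
        else:
            m = re.match(r"(?i)dav\s+(\S+)", line)  # does not match DavLockDB
            if m and m.group(1).lower() != "off":  # "On" or a provider name
                enabled.append(stack[-1] if stack else "<server-wide>")
    return enabled

def default_credential_entries(htdigest_text):
    """Return (user, realm) pairs whose stored hash matches the default password."""
    hits = []
    for line in htdigest_text.splitlines():
        user, _, rest = line.strip().partition(":")
        realm, _, stored = rest.rpartition(":")
        if user == DEFAULT_USER and stored.lower() == ha1(user, realm, DEFAULT_PASSWORD):
            hits.append((user, realm))
    return hits

# Constructed sample inputs: paths, realms and users are made up for this example.
SAMPLE_CONF = """
<Directory "/srv/dav/share">
    Dav On
</Directory>
<Directory "/srv/dav/archive">
    # Dav On
    Dav Off
</Directory>
"""
SAMPLE_HTDIGEST = "\n".join([
    "wampp:Example DAV:" + ha1("wampp", "Example DAV", "xampp"),
    "wampp:Other realm:" + ha1("wampp", "Other realm", "changed-password"),
    "alice:Example DAV:" + ha1("alice", "Example DAV", "unrelated-password"),
])
```

Run both functions against the real httpd-dav.conf and the password file it references; any result from either one means the remediation is not complete.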
