All Products
Document Center

[Vulnerability notice] Directory traversal vulnerability in XAMPP

Last Updated: Nov 27, 2017


XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends. XAMPP stands for Cross-Platform (X), Apache (A), MariaDB (M), PHP (P) and Perl (P). It is a simple, lightweight Apache distribution that makes it easy for developers to create a local web server for testing and deployment purposes.

The showcode.php file of XAMPP has poorly written code that allows attackers to read any file on the server.


Download and use the latest XAMPP code from the XAMPP official website.

Note: To avoid data loss, make a backup before upgrading, or create a hard disk snapshot for ECS.