CVE-2020-11107

EPSS 22.5%

Vexday Risk Score

28Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 22.5%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

02 Apr 2020Published on NVD

03 Apr 2020Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-contol.ini for all users (including admins) to enable arbitrary command execution.

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/S1lkys/CVE-2020-11107★ 33 githubgithub.com/andripwn/CVE-2020-11107★ 4 githubgithub.com/Mohnad-AL-saif/Mohnad-AL-saif-CVE-2020-11107-XAMPP-Local-Privilege-Escalation★ 0 cve_referencepacketstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.htmlunverified exploitdbwww.exploit-db.com/exploits/50337unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/164292/XAMPP-7.4.3-Privilege-Escalation.html https://www.apachefriends.org/blog/new_xampp_20200401.html