CVE-2012-10062 – Apache Friends XAMPP WebDAV Remote Code Execution Vulnerability

CVE ID : CVE-2012-10062

Published : Aug. 30, 2025, 2:15 p.m. | 2 hours, 40 minutes ago

Description : A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3’s default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…