8.8
CVE-2022-29376
- EPSS 0.58%
- Veröffentlicht 23.05.2022 21:16:05
- Zuletzt bearbeitet 15.08.2025 15:15:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginXampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apachefriends ≫ Xampp Version <= 8.1.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.679 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.