Cross-site Request Forgery (CSRF) Affecting xampp package, versions [,1.6.8]


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.41% (75th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Request Forgery (CSRF) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-UNMANAGED-XAMPP-2381735
  • published26 Jan 2022
  • disclosed20 Mar 2009
  • creditUnknown

Introduced: 20 Mar 2009

CVE-2008-6498  (opens in a new tab)
CWE-352  (opens in a new tab)

How to fix?

There is no fixed version for xampp.

Overview

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter.

References

CVSS Base Scores

version 3.1