CVE-2012-10062

XAMPP WebDAV PHP Upload Authentication Bypass RCE

Description

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.

INFO

Published Date :

2025-08-30T13:57:30.250Z

Last Modified :

2026-04-07T14:02:54.444Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2012-10062 vulnerability.

Vendors	Products
Apache Friends	Xampp
Apachefriends	Xampp

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2012-10062.

URL	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/xampp_webdav_upload_php.rb
https://www.apachefriends.org/index.html
https://www.exploit-db.com/exploits/18367
https://www.vulncheck.com/advisories/xampp-webdav-php-upload-auth-bypass-rce

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability