Test ID:	1.3.6.1.4.1.25623.1.0.900527
Category:	Web application abuses
Title:	XAMPP < 1.7.3 Multiple CSRF Vulnerabilities
Summary:	XAMPP is prone to multiple cross-site request forgery (CSRF); vulnerabilities.
Description:	Summary: XAMPP is prone to multiple cross-site request forgery (CSRF) vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - Lack of input validation checking for the user-supplied data provided to 'security/xamppsecurity.php' which lets change admin password through CSRF attack. - Input passed to some certain parameters like 'dbserver', 'host', 'password', 'database' and 'table' in not properly sanitised before being returned to a user. Vulnerability Impact: Successful exploitation will let the attacker execute crafted malicious queries in the vulnerable parameters or can change admin authentication data via crafted CSRF queries. Affected Software/OS: XAMPP version 1.6.8 and prior. Solution: Update to version 1.7.3 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-6498 https://www.exploit-db.com/exploits/7384 http://secunia.com/advisories/32134 XForce ISS Database: xampp-xamppsecurity-csrf(47201) https://exchange.xforce.ibmcloud.com/vulnerabilities/47201 Common Vulnerability Exposure (CVE) ID: CVE-2008-6499 XForce ISS Database: xampp-xamppsecurity-ip-spoofing(47202) https://exchange.xforce.ibmcloud.com/vulnerabilities/47202
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.