Vulnerabilites related to wampserver - wampserver
CVE-2018-8817 (GCVE-0-2018-8817)
Vulnerability from cvelistv5
Published
2018-03-25 19:00
Modified
2024-08-05 07:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Wampserver before 3.1.3 has CSRF in add_vhost.php.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/44385/ | exploit, x_refsource_EXPLOIT-DB | |
| http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722 | x_refsource_MISC | |
| https://seclists.org/bugtraq/2019/Jun/10 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:26.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44385",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722"
},
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Wampserver before 3.1.3 has CSRF in add_vhost.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T10:06:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44385",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722"
},
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wampserver before 3.1.3 has CSRF in add_vhost.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44385",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"name": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722"
},
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8817",
"datePublished": "2018-03-25T19:00:00",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2024-08-05T07:02:26.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10031 (GCVE-0-2016-10031)
Vulnerability from cvelistv5
Published
2016-12-27 07:25
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/40967/ | exploit, x_refsource_EXPLOIT-DB | |
| https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html | x_refsource_MISC | |
| https://sourceforge.net/p/wampserver/bugs/52/ | x_refsource_MISC | |
| http://forum.wampserver.com/read.php?2%2C144473 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40967/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WampServer 3.0.6 installs two services called \u0027wampapache\u0027 and \u0027wampmysqld\u0027 with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-28T07:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "40967",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40967/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** WampServer 3.0.6 installs two services called \u0027wampapache\u0027 and \u0027wampmysqld\u0027 with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40967",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40967/"
},
{
"name": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"name": "https://sourceforge.net/p/wampserver/bugs/52/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"name": "http://forum.wampserver.com/read.php?2,144473",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,144473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10031",
"datePublished": "2016-12-27T07:25:00",
"dateReserved": "2016-12-22T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11517 (GCVE-0-2019-11517)
Vulnerability from cvelistv5
Published
2019-06-10 17:47
Modified
2024-08-04 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.
References
| ▼ | URL | Tags |
|---|---|---|
| https://seclists.org/bugtraq/2019/Jun/10 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-10T17:49:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11517",
"datePublished": "2019-06-10T17:47:49",
"dateReserved": "2019-04-25T00:00:00",
"dateUpdated": "2024-08-04T22:55:40.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000848 (GCVE-0-2018-1000848)
Vulnerability from cvelistv5
Published
2018-12-20 15:00
Modified
2024-09-16 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forum.wampserver.com/read.php?2%2C153491 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C153491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-11-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-12-20T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C153491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.486534",
"DATE_REQUESTED": "2018-11-18T12:33:39",
"ID": "CVE-2018-1000848",
"REQUESTER": "wampserver@otomatic.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.wampserver.com/read.php?2,153491",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,153491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000848",
"datePublished": "2018-12-20T15:00:00Z",
"dateReserved": "2018-12-20T00:00:00Z",
"dateUpdated": "2024-09-16T18:49:10.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8732 (GCVE-0-2018-8732)
Vulnerability from cvelistv5
Published
2018-03-19 20:00
Modified
2024-08-05 07:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/44384/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:02:25.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615"
},
{
"name": "44384",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44384/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-04T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615"
},
{
"name": "44384",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44384/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://forum.wampserver.com/read.php?2,138295,150615,page=6#msg-150615",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,138295,150615,page=6#msg-150615"
},
{
"name": "44384",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44384/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-8732",
"datePublished": "2018-03-19T20:00:00",
"dateReserved": "2018-03-15T00:00:00",
"dateUpdated": "2024-08-05T07:02:25.957Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10072 (GCVE-0-2016-10072)
Vulnerability from cvelistv5
Published
2016-12-27 07:25
Modified
2024-08-06 03:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt | x_refsource_MISC | |
| http://forum.wampserver.com/read.php?2%2C144473 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:wampserver:wampserver:3.0.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wampserver",
"vendor": "wampserver",
"versions": [
{
"status": "affected",
"version": "3.0.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2016-10072",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:05:11.736813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:06:59.359Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WampServer 3.0.6 has two files called \u0027wampmanager.exe\u0027 and \u0027unins000.exe\u0027 with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-27T04:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.wampserver.com/read.php?2%2C144473"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** WampServer 3.0.6 has two files called \u0027wampmanager.exe\u0027 and \u0027unins000.exe\u0027 with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
},
{
"name": "http://forum.wampserver.com/read.php?2,144473",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,144473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10072",
"datePublished": "2016-12-27T07:25:00",
"dateReserved": "2016-12-26T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-36565 (GCVE-0-2022-36565)
Vulnerability from cvelistv5
Published
2022-08-30 20:05
Modified
2024-08-03 10:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:07:34.517Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the install directory (C:\\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T20:05:55",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-36565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in the install directory (C:\\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md",
"refsource": "MISC",
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-36565",
"datePublished": "2022-08-30T20:05:56",
"dateReserved": "2022-07-25T00:00:00",
"dateUpdated": "2024-08-03T10:07:34.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0700 (GCVE-0-2010-0700)
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/62481 | vdb-entry, x_refsource_OSVDB | |
| http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php | x_refsource_MISC | |
| http://zeroscience.mk/codes/wamp_xss.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/38357 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/38706 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56417 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62481"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name": "38357",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38357"
},
{
"name": "38706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38706"
},
{
"name": "wampserver-index-xss(56417)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62481"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name": "38357",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38357"
},
{
"name": "38706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38706"
},
{
"name": "wampserver-index-xss(56417)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62481",
"refsource": "OSVDB",
"url": "http://osvdb.org/62481"
},
{
"name": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php",
"refsource": "MISC",
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"name": "http://zeroscience.mk/codes/wamp_xss.txt",
"refsource": "MISC",
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"name": "38357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38357"
},
{
"name": "38706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38706"
},
{
"name": "wampserver-index-xss(56417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0700",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2010-02-23T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-02-23 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | 2.0i |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:2.0i:*:*:*:*:*:*:*",
"matchCriteriaId": "A084C9D1-4975-4E47-BCF5-042A8B0516B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php en WampServer 2.0i permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s del par\u00e1metro \"lang\"."
}
],
"id": "CVE-2010-0700",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-02-23T20:30:00.937",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62481"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38706"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38357"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://zeroscience.mk/codes/wamp_xss.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4926.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56417"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-27 07:59
Modified
2025-04-12 10:46
Severity ?
Summary
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | 3.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1675566-C129-48B9-9ABF-8359CA71168C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WampServer 3.0.6 installs two services called \u0027wampapache\u0027 and \u0027wampmysqld\u0027 with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer."
},
{
"lang": "es",
"value": "** DISPUTADA ** WampServer 3.0.6 instala dos servicios llamados \u0027wampapache\u0027 y \u0027wampmysqld\u0027 con permisos de archivo d\u00e9biles, ejecutando con privilegios SYSTEM. Esto podr\u00eda potencialmente permitir a un usuario local autorizado pero sin privilegios ejecutar c\u00f3digo arbitrario con privilegios elevados en el sistema. Para explotar esta vulnerabilidad adecuadamente, el atacante local debe insertar un archivo ejecutable llamado mysqld.exe o httpd.exe y reemplazar los archivos originales. La pr\u00f3xima vez que comience el servicio, el archivo malicioso se ejecutar\u00e1 como SYSTEM. NOTA: el vendedor cuestiona la relevancia de este informe, tomando la postura de que una configuraci\u00f3n en la que \"\u0027alguien\u0027 (un atacante) es capaz de reemplazar archivos en un PC\" no es \"la culpa de WampServer\"."
}
],
"id": "CVE-2016-10031",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-27T07:59:00.150",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.wampserver.com/read.php?2%2C144473"
},
{
"source": "cve@mitre.org",
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40967/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.wampserver.com/read.php?2%2C144473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://packetstormsecurity.com/files/140279/Wampserver-3.0.6-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://sourceforge.net/p/wampserver/bugs/52/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40967/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-20 15:29
Modified
2024-11-21 03:40
Severity ?
Summary
Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7543474-85D3-437A-B9E5-B5CD8AC78AAC",
"versionEndExcluding": "3.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later."
},
{
"lang": "es",
"value": "Wampserver, en versiones anteriores a la 3.1.5, contiene una vulnerabilidad de Cross-Site Scripting (XSS) en la p\u00e1gina del localhost index.php. Este ataque parece ser explotable mediante una carga \u00fatil en onmouseover. La vulnerabilidad parece haber sido solucionada en las versiones 3.1.5 y siguientes."
}
],
"id": "CVE-2018-1000848",
"lastModified": "2024-11-21T03:40:29.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-20T15:29:02.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.wampserver.com/read.php?2%2C153491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.wampserver.com/read.php?2%2C153491"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-19 20:29
Modified
2024-11-21 04:14
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615 | ||
| cve@mitre.org | https://www.exploit-db.com/exploits/44384/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/44384/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | 3.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "35940E57-5E2E-4B53-A6DD-279325DB43A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) en WampServer 3.1.1 permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el par\u00e1metro virtual_del."
}
],
"id": "CVE-2018-8732",
"lastModified": "2024-11-21T04:14:13.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-19T20:29:00.350",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44384/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150615%2Cpage=6#msg-150615"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44384/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-25 19:29
Modified
2024-11-21 04:14
Severity ?
Summary
Wampserver before 3.1.3 has CSRF in add_vhost.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66BCE361-5C90-4FFE-955A-57B5B63FA237",
"versionEndExcluding": "3.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wampserver before 3.1.3 has CSRF in add_vhost.php."
},
{
"lang": "es",
"value": "Wampserver en versiones anteriores a la 3.1.3 tiene Cross-Site Request Forgery (CSRF) en add_vhost.php."
}
],
"id": "CVE-2018-8817",
"lastModified": "2024-11-21T04:14:22.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-25T19:29:00.213",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Jun/10"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.wampserver.com/read.php?2%2C138295%2C150722%2Cpage=6#msg-150722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Jun/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/44385/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-08-30 21:15
Modified
2024-11-21 07:13
Severity ?
Summary
Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md | Broken Link, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18146C99-7C32-4B15-8183-9C1B9E57B781",
"versionEndIncluding": "3.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in the install directory (C:\\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory."
},
{
"lang": "es",
"value": "Un control de acceso incorrecto en el directorio de instalaci\u00f3n (C:\\Wamp64) de Wamp versiones v3.2.6 y anteriores, permite a atacantes autenticados ejecutar c\u00f3digo arbitrario por medio de la sobreescritura de binarios ubicados en el directorio"
}
],
"id": "CVE-2022-36565",
"lastModified": "2024-11-21T07:13:19.037",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T21:15:09.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/ycdxsb/Vuln/blob/main/Wamp-Vuln/Wamp-Vuln.md"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-10 18:29
Modified
2024-11-21 04:21
Severity ?
Summary
WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://seclists.org/bugtraq/2019/Jun/10 | Exploit, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Jun/10 | Exploit, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBBDAC2D-8D60-40D9-B19B-E242C26553AF",
"versionEndExcluding": "3.1.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner."
},
{
"lang": "es",
"value": "WampServer versi\u00f3n anterior 3.1.9, tiene CSRF en add_vhost.php porque el patr\u00f3n sincronizador implementado como remediaci\u00f3n de CVE-2018-8817 estaba incompleto. Un atacante podr\u00eda dd/delete any vhosts sin el consentimiento del propietario."
}
],
"id": "CVE-2019-11517",
"lastModified": "2024-11-21T04:21:16.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-10T18:29:00.597",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Jun/10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-27 07:59
Modified
2025-04-12 10:46
Severity ?
Summary
WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| wampserver | wampserver | 3.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wampserver:wampserver:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1675566-C129-48B9-9ABF-8359CA71168C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WampServer 3.0.6 has two files called \u0027wampmanager.exe\u0027 and \u0027unins000.exe\u0027 with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which \"\u0027someone\u0027 (an attacker) is able to replace files on a PC\" is not \"the fault of WampServer."
},
{
"lang": "es",
"value": "** DISPUTADA ** WampServer 3.0.6 tiene dos archivos llamados \u0027wampmanager.exe\u0027 y \u0027unins000.exe\u0027 con un ACL d\u00e9bil para Modify. Esto podr\u00eda potencialmente permitir a un usuario local autorizado pero sin privilegios ejecutar c\u00f3digo arbitrario con privilegios elevados en el sistema. Para explotar esta vulnerabilidad adecuadamente, el atacante local debe insertar un archivo ejecutable llamado wampmanager.exe o unins000.exe y reemplazar los archivos originales. La pr\u00f3xima vez que uno de estos programas se lance por un usuario m\u00e1s privilegiado, se ejecutar\u00e1 el c\u00f3digo malicioso elegido por el atacante local. NOTA: el vendedor cuestiona la relevancia de este informe, adoptando la postura de que una configuraci\u00f3n en la que \"\u0027alguien\u0027 (un atacante) es capaz de reemplazar archivos en un PC\" no es \"la culpa de WampServer\"."
}
],
"id": "CVE-2016-10072",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2016-12-27T07:59:00.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://forum.wampserver.com/read.php?2%2C144473"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.wampserver.com/read.php?2%2C144473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://packetstormsecurity.com/files/138948/wampserver306-insecure.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}