What is CVE-2012-10062?

CVE-2012-10062 is a vulnerability in Apache Friends Xampp, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-30.

Is CVE-2012-10062 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Apache Friends Xampp

CVE-2012-10062

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP P…

Vulnerability class: Unrestricted File Upload

EPSS: 0.618 (98.4th percentile) — read the EPSS interpretation.

Affected products

Apache Friends Xampp — versions 0

Weakness classification (CWE)

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/18367 (exploit)
www.apachefriends.org/index.html (product)
www.vulncheck.com/advisories/xampp-webdav-php-upload-auth-bypass-rce (third-party-advisory)

Frequently asked questions

What is CVE-2012-10062?: CVE-2012-10062 is a vulnerability in Apache Friends Xampp, classified under Unrestricted Upload of File with Dangerous Type. Published 2025-08-30.
Is CVE-2012-10062 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.