VYPR

Wampserver

by Wampserver

Source repositories

CVEs (7)

  • CVE-2018-8817HigMar 25, 2018
    risk 0.60cvss 8.8epss 0.03

    Wampserver before 3.1.3 has CSRF in add_vhost.php.

  • CVE-2016-10031HigDec 27, 2016
    risk 0.52cvss 7.5epss 0.01

    WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To…

  • CVE-2018-8732MedMar 19, 2018
    risk 0.38cvss 5.4epss 0.02

    Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter.

  • CVE-2016-10072MedDec 27, 2016
    risk 0.34cvss 5.3epss 0.01

    WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this…

  • CVE-2010-0700Feb 23, 2010
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

  • CVE-2019-11517Jun 10, 2019
    risk 0.00cvss epss 0.00

    WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.

  • CVE-2018-1000848Dec 20, 2018
    risk 0.00cvss epss 0.01

    Wampserver version prior to version 3.1.5 contains a Cross Site Scripting (XSS) vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later.