CVE-2007-2080

XAMPP 1.6.0a - SQL Injection via Test Scripts


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2080. PoCs published by rgod.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in XAMPP for Windows <= 1.6.0a via the adodb.php script, specifically in the mssql_connect() function. It leverages SEH overwrite to execute arbitrary commands by sending a maliciously crafted POST request.

Description

Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpremotewindows
https://www.exploit-db.com/exploits/3738

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: XAMPP for Windows <= 1.6.0a
No auth needed
Prerequisites: Target must have XAMPP for Windows <= 1.6.0a with mssql extension enabled · Network access to the target server
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37440
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3738

Scores

EPSS 0.0097
EPSS Percentile 57.4%

Details

Status published
Products (1)
xampp/apache_distribution 1.6.0a
Published Apr 18, 2007
Tracked Since Feb 18, 2026