CVE-2012-10062

HIGH

XAMPP < 1.7.3 - Authenticated Remote Code Execution via WebDAV PHP Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-10062. PoCs published by Metasploit, theLightCosine, g0tmi1k, theLightCosine, including Metasploit module exploits/multi/http/webdav_upload_php.

AI-analyzed exploit summary This Metasploit module exploits weak WebDAV credentials on XAMPP servers to upload and execute a PHP payload. It uses HTTP Digest Authentication to upload a malicious PHP file via PUT request and then triggers execution via GET request.

Description

A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/18367

This Metasploit module exploits weak WebDAV credentials on XAMPP servers to upload and execute a PHP payload. It uses HTTP Digest Authentication to upload a malicious PHP file via PUT request and then triggers execution via GET request.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: XAMPP (WebDAV with default/weak credentials)
Auth required
Prerequisites: XAMPP with WebDAV enabled · Known/weak WebDAV credentials (default: wampp/xampp) · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by theLightCosine, g0tmi1k · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/webdav_upload_php.rb

This Metasploit module exploits a WebDAV misconfiguration in XAMPP servers to upload and execute arbitrary PHP payloads. It leverages HTTP PUT requests to upload a malicious PHP file and then executes it via HTTP GET, achieving remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: XAMPP (with WebDAV and PHP enabled)
Auth required
Prerequisites: WebDAV enabled · PHP support on the server · Valid credentials (or anonymous access)
devstral-2 · analyzed Apr 21, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by theLightCosine · rubypocphp
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/xampp_webdav_upload_php.rb

This Metasploit module exploits weak WebDAV credentials in XAMPP servers to upload and execute a PHP payload. It uses HTTP PUT to upload the payload and then triggers execution via HTTP GET.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: XAMPP (versions with weak WebDAV credentials)
Auth required
Prerequisites: Valid WebDAV credentials (default: wampp/xampp) · WebDAV enabled on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v4 8.7
EPSS 0.6177
EPSS Percentile 98.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-306 CWE-434
Status published
Products (1)
Apache Friends/XAMPP < 1.7.3
Published Aug 30, 2025
Tracked Since Feb 18, 2026