XAMPP Example Pages Detection

High | Nessus Plugin ID 33822

Synopsis

The remote web server allows access to its example pages.

Description

The remote web server makes available example scripts from XAMPP, an easy-to-install Apache distribution containing MySQL, PHP, and Perl. Allowing access to these examples is not recommended: some are known to disclose sensitive information about the remote host, and others may be affected by vulnerabilities. Some pages have known cross-site scripting, SQL injection, and local file inclusion vulnerabilities.

Solution

Consult XAMPP's documentation for information about securing the example pages and, if necessary, other applications.

Plugin Details

Severity: High

ID: 33822

File Name: xampp_pages_accessible.nasl

Version: 1.10

Type: remote

Family: CGI abuses

Published: 8/5/2008

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P