security/xamppsecurity.php in XAMPP 1.6.8 performs an extract operation on the SERVER superglobal array, which allows remote attackers to spoof critical variables, as demonstrated by setting the REMOTE_ADDR variable to 127.0.0.1.
AV:N/AC:L/Au:S/C:N/I:P/A:P
20/03/2009
by Apachefriends
3 months ago