FSA-202402
PUBLISHED
CVSS 9.1 CRITICAL
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
Risk Scores
CVSS v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Festo Didactic SE | MES PC shipped with Windows 10 | |
Exploit Intelligence
- some works on CVE-2018-19518 (github-poc-repo)
- alokaranasinghe/cve-2019-11043 (github-poc-repo)
- This repository provides a dockerized infrastructure and a python implementation of the CVE-2019-11043 exploit. (github-poc-repo)
- PHP-FPM Remote Code Execution Vulnerability (CVE-2019-11043) POC in Python (github-poc-repo)
- quick and dirty PHP RCE proof of concept (github-poc-repo)
- php-fpm+Nginx RCE (github-poc-repo)
- PHP-FPM Remote Command Execution Exploit (github-poc-repo)
- CVE-2019-11043 (github-poc-repo)
- CVE-2019-11043 LAB (github-poc-repo)
- Tenda AC10 Router exploit stack-based buffer overflow (github-poc-repo)
…and 77 more exploits
Timeline
- Jul 22, 2016 PoC Published
- Oct 21, 2023 PoC Published
- Feb 27, 2024 CVE Published
- Dec 8, 2025 CVE Updated