CVE-2020-11107: 
XAMPP vulnerability analysis and mitigation

CVE-2020-11107 is a security vulnerability discovered in XAMPP versions before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 specifically affecting Windows platforms. The vulnerability allows an unprivileged user to modify the xampp-control.ini configuration file, potentially enabling arbitrary command execution that affects all users, including administrators (MITRE CVE, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue is classified under CWE-732 (Incorrect Permission Assignment for Critical Resource). The vulnerability specifically involves the ability to manipulate the .exe configuration in the xampp-control.ini file, which can be exploited to execute arbitrary commands when other users access the control panel (NVD).

The vulnerability enables an unprivileged user to execute arbitrary commands through the XAMPP control panel, potentially affecting all users including administrators. This could lead to complete system compromise as it allows for privilege escalation and unauthorized command execution (Apache Friends).

Users should upgrade to XAMPP versions 7.2.29, 7.3.16, or 7.4.4 or later, depending on their current version branch. This security issue only affects Windows platforms and does not impact Linux or OS X installations (Apache Friends).