XAMPP version 7.4.6 resolves the critical CVE-2020-11107 local privilege escalation vulnerability found in earlier versions. While 7.4.6 mitigates this flaw, users should ensure proper configuration and security to avoid other potential vulnerabilities. Read the Apache Friends blog regarding the vulnerability at Apache Friends . Security vulnerability in XAMPP for Windows
Newer versions of XAMPP have corrected the service pathing to include quotes. xampp for windows 746 exploit
A slightly older but well-documented exploit specifically targeting (and impacting the 7.4.x branch) allows a regular user to become an administrator. XAMPP version 7
: Systems using specific code pages—including Traditional Chinese (950), Simplified Chinese (936), and Japanese (932)—are confirmed to be at higher risk. Analysis of the CVE-2020-11107 LPE Exploit Simplified Chinese (936)