CVE-2015-5723
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
Doctrine Annotations en versiones anteriores a 1.2.7, Cache en versiones anteriores a 1.3.2 y 1.4.x en versiones anteriores a 1.4.2, Common en versiones anteriores a 2.4.3 y 2.5.x en versiones anteriores a 2.5.1, ORM en versiones anteriores 2.4.8 o 2.5.x en versiones anteriores 2.5.1, MongoDB ODM en versiones anteriores a 1.0.2 y MongoDB ODM Bundle en versiones anteriores a 3.0.1 utilizan permisos de escritura universal para directorios de caché, lo que permite a usuarios locales ejecutar código PHP arbitrario con privilegios adicionales aprovechando una aplicación con el umask establecido a 0 y que ejecuta entradas de caché como código.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-03 CVE Reserved
- 2015-10-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://framework.zend.com/security/advisory/ZF2015-07 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Zend Search vendor "Zend" | Zend-cache Search vendor "Zend" for product "Zend-cache" | <= 2.4.7 Search vendor "Zend" for product "Zend-cache" and version " <= 2.4.7" | - |
Affected
| ||||||
| Zend Search vendor "Zend" | Zend-cache Search vendor "Zend" for product "Zend-cache" | 2.5.0 Search vendor "Zend" for product "Zend-cache" and version "2.5.0" | - |
Affected
| ||||||
| Zend Search vendor "Zend" | Zend-cache Search vendor "Zend" for product "Zend-cache" | 2.5.1 Search vendor "Zend" for product "Zend-cache" and version "2.5.1" | - |
Affected
| ||||||
| Zend Search vendor "Zend" | Zend-cache Search vendor "Zend" for product "Zend-cache" | 2.5.2 Search vendor "Zend" for product "Zend-cache" and version "2.5.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Object Relational Mapper Search vendor "Doctrine-project" for product "Object Relational Mapper" | <= 2.4.7 Search vendor "Doctrine-project" for product "Object Relational Mapper" and version " <= 2.4.7" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Object Relational Mapper Search vendor "Doctrine-project" for product "Object Relational Mapper" | 2.5.0 Search vendor "Doctrine-project" for product "Object Relational Mapper" and version "2.5.0" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Object Relational Mapper Search vendor "Doctrine-project" for product "Object Relational Mapper" | 2.5.0 Search vendor "Doctrine-project" for product "Object Relational Mapper" and version "2.5.0" | alpha1 |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Object Relational Mapper Search vendor "Doctrine-project" for product "Object Relational Mapper" | 2.5.0 Search vendor "Doctrine-project" for product "Object Relational Mapper" and version "2.5.0" | alpha2 |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Object Relational Mapper Search vendor "Doctrine-project" for product "Object Relational Mapper" | 2.5.0 Search vendor "Doctrine-project" for product "Object Relational Mapper" and version "2.5.0" | beta1 |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Object Relational Mapper Search vendor "Doctrine-project" for product "Object Relational Mapper" | 2.5.0 Search vendor "Doctrine-project" for product "Object Relational Mapper" and version "2.5.0" | rc1 |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Object Relational Mapper Search vendor "Doctrine-project" for product "Object Relational Mapper" | 2.5.0 Search vendor "Doctrine-project" for product "Object Relational Mapper" and version "2.5.0" | rc2 |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Doctrinemongodbbundle Search vendor "Doctrine-project" for product "Doctrinemongodbbundle" | 3.0.0 Search vendor "Doctrine-project" for product "Doctrinemongodbbundle" and version "3.0.0" | - |
Affected
| ||||||
| Zend Search vendor "Zend" | Zend Framework Search vendor "Zend" for product "Zend Framework" | <= 2.4.7 Search vendor "Zend" for product "Zend Framework" and version " <= 2.4.7" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Common Search vendor "Doctrine-project" for product "Common" | <= 2.4.2 Search vendor "Doctrine-project" for product "Common" and version " <= 2.4.2" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Common Search vendor "Doctrine-project" for product "Common" | 2.5.0 Search vendor "Doctrine-project" for product "Common" and version "2.5.0" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Common Search vendor "Doctrine-project" for product "Common" | 2.5.0 Search vendor "Doctrine-project" for product "Common" and version "2.5.0" | beta1 |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Annotations Search vendor "Doctrine-project" for product "Annotations" | <= 1.2.6 Search vendor "Doctrine-project" for product "Annotations" and version " <= 1.2.6" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Mongodb-odm Search vendor "Doctrine-project" for product "Mongodb-odm" | <= 1.0.1 Search vendor "Doctrine-project" for product "Mongodb-odm" and version " <= 1.0.1" | - |
Affected
| ||||||
| Zend Search vendor "Zend" | Zend Framework Search vendor "Zend" for product "Zend Framework" | <= 1.12.15 Search vendor "Zend" for product "Zend Framework" and version " <= 1.12.15" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Cache Search vendor "Doctrine-project" for product "Cache" | <= 1.3.1 Search vendor "Doctrine-project" for product "Cache" and version " <= 1.3.1" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Cache Search vendor "Doctrine-project" for product "Cache" | 1.4.0 Search vendor "Doctrine-project" for product "Cache" and version "1.4.0" | - |
Affected
| ||||||
| Doctrine-project Search vendor "Doctrine-project" | Cache Search vendor "Doctrine-project" for product "Cache" | 1.4.1 Search vendor "Doctrine-project" for product "Cache" and version "1.4.1" | - |
Affected
| ||||||
| Zend Search vendor "Zend" | Zf-apigility-doctrine Search vendor "Zend" for product "Zf-apigility-doctrine" | <= 1.0.2 Search vendor "Zend" for product "Zf-apigility-doctrine" and version " <= 1.0.2" | - |
Affected
| ||||||