CVE-2015-5723
 
Descriptions
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2015-08-03 CVE Reserved
- 2015-10-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://framework.zend.com/security/advisory/ZF2015-07 | X_refsource_confirm |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Zend | Zend-cache | <= 2.4.7 | - | Affected |
Zend | Zend-cache | 2.5.0 | - | Affected |
Zend | Zend-cache | 2.5.1 | - | Affected |
Zend | Zend-cache | 2.5.2 | - | Affected |
Debian | Debian Linux | 7.0 | - | Affected |
Debian | Debian Linux | 8.0 | - | Affected |
Doctrine-project | Object Relational Mapper | <= 2.4.7 | - | Affected |
Doctrine-project | Object Relational Mapper | 2.5.0 | - | Affected |
Doctrine-project | Object Relational Mapper | 2.5.0 | alpha1 | Affected |
Doctrine-project | Object Relational Mapper | 2.5.0 | alpha2 | Affected |
Doctrine-project | Object Relational Mapper | 2.5.0 | beta1 | Affected |
Doctrine-project | Object Relational Mapper | 2.5.0 | rc1 | Affected |
Doctrine-project | Object Relational Mapper | 2.5.0 | rc2 | Affected |
Doctrine-project | Doctrinemongodbbundle | 3.0.0 | - | Affected |
Zend | Zend Framework | <= 2.4.7 | - | Affected |
Doctrine-project | Common | <= 2.4.2 | - | Affected |
Doctrine-project | Common | 2.5.0 | - | Affected |
Doctrine-project | Common | 2.5.0 | beta1 | Affected |
Doctrine-project | Annotations | <= 1.2.6 | - | Affected |
Doctrine-project | Mongodb-odm | <= 1.0.1 | - | Affected |
Zend | Zend Framework | <= 1.12.15 | - | Affected |
Doctrine-project | Cache | <= 1.3.1 | - | Affected |
Doctrine-project | Cache | 1.4.0 | - | Affected |
Doctrine-project | Cache | 1.4.1 | - | Affected |
Zend | Zf-apigility-doctrine | <= 1.0.2 | - | Affected |