7.8

CVE-2015-5723

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

Data provided by the National Vulnerability Database (NVD)
Zend Zend-cache Version <= 2.4.7
Zend Zend-cache Version 2.5.0
Zend Zend-cache Version 2.5.1
Zend Zend-cache Version 2.5.2
Debian Debian Linux Version 7.0
Debian Debian Linux Version 8.0
Doctrine-project Object Relational Mapper Version 2.5.0 Update alpha1
Doctrine-project Object Relational Mapper Version 2.5.0 Update alpha2
Doctrine-project Object Relational Mapper Version 2.5.0 Update beta1
Doctrine-project Object Relational Mapper Version 2.5.0 Update rc1
Doctrine-project Object Relational Mapper Version 2.5.0 Update rc2
Zend Zend Framework Version <= 2.4.7
Doctrine-project Common Version <= 2.4.2
Doctrine-project Common Version 2.5.0
Doctrine-project Common Version 2.5.0 Update beta1
Doctrine-project Annotations Version <= 1.2.6
Doctrine-project Mongodb-odm Version <= 1.0.1
Zend Zend Framework Version <= 1.12.15
Doctrine-project Cache Version <= 1.3.1
Doctrine-project Cache Version 1.4.0
Doctrine-project Cache Version 1.4.1
Zend Zf-apigility-doctrine Version <= 1.0.2
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.287
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10 AV:L/AC:L/Au:N/C:C/I:C/A:C