7.8
CVE-2015-5723
- EPSS 0.1%
- Veröffentlicht 07.06.2016 14:06:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zend ≫ Zend-cache Version <= 2.4.7
Zend ≫ Zend-cache Version2.5.0
Zend ≫ Zend-cache Version2.5.1
Zend ≫ Zend-cache Version2.5.2
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Doctrine-project ≫ Object Relational Mapper Version <= 2.4.7
Doctrine-project ≫ Object Relational Mapper Version2.5.0
Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updatealpha1
Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updatealpha2
Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updatebeta1
Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updaterc1
Doctrine-project ≫ Object Relational Mapper Version2.5.0 Updaterc2
Doctrine-project ≫ Doctrinemongodbbundle Version3.0.0
Zend ≫ Zend Framework Version <= 2.4.7
Doctrine-project ≫ Common Version <= 2.4.2
Doctrine-project ≫ Common Version2.5.0
Doctrine-project ≫ Common Version2.5.0 Updatebeta1
Doctrine-project ≫ Annotations Version <= 1.2.6
Doctrine-project ≫ Mongodb-odm Version <= 1.0.1
Zend ≫ Zend Framework Version <= 1.12.15
Doctrine-project ≫ Cache Version <= 1.3.1
Doctrine-project ≫ Cache Version1.4.0
Doctrine-project ≫ Cache Version1.4.1
Zend ≫ Zf-apigility-doctrine Version <= 1.0.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.1% | 0.287 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|