CVE-2015-5723

Published Jun 7, 2016

Last updated a year ago

CVSS high 7.8

Overview

Description: Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zend:zend-cache:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67A5BE81-0B49-43A9-B4D3-54FCE0D6AE28",
            "versionEndIncluding": "2.4.7"
          },
          {
            "criteria": "cpe:2.3:a:zend:zend-cache:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E95FED4-A1B2-4851-AF95-0979121C0A69"
          },
          {
            "criteria": "cpe:2.3:a:zend:zend-cache:2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAC6C748-A52E-47A4-A615-70E59D1D30EC"
          },
          {
            "criteria": "cpe:2.3:a:zend:zend-cache:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED45A472-B109-44FA-901B-164DF0F4DF40"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8904C198-BB8B-4E8C-80ED-CC4676065781",
            "versionEndIncluding": "2.4.7"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5ED8B959-CE8F-49AA-B998-8598C8F0A6D3"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2A8659A-7A7F-40B9-B60F-71FE4637B016"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C887BAC-8EEC-4F3D-B1D8-023B80A3D8B1"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75BA49E2-ABC5-4A61-968B-1CAA2FF7A942"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2D4F787-6BE1-4CC6-9A24-00EE601ACCEE"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:object_relational_mapper:2.5.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14E6992-D334-465E-ACE9-F0D0DA6FDC05"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:doctrine-project:doctrinemongodbbundle:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E8FB62B-8DB3-46D9-9636-B877B10061C1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AB7019C-C868-4512-8855-F6ED2AC6A3A7",
            "versionEndIncluding": "2.4.7"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:doctrine-project:common:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F004153E-7D36-4621-96DC-C47522EC1204",
            "versionEndIncluding": "2.4.2"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A88FB2A6-8AE3-46F4-91EB-BD7CAE22A83D"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:common:2.5.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF529016-31C4-4948-BA5C-3ED7C3DE062C"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:doctrine-project:annotations:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "520EA826-22BD-496F-9DC9-267C76319B23",
            "versionEndIncluding": "1.2.6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:doctrine-project:mongodb-odm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF62C793-9B7F-4B67-A7AC-CD27F6670B2D",
            "versionEndIncluding": "1.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2CA52AF-D551-4CE9-A4CD-F264F702634A",
            "versionEndIncluding": "1.12.15"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:doctrine-project:cache:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "809D06DE-60BB-4697-94E7-CEE067FED890",
            "versionEndIncluding": "1.3.1"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:cache:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E592D06-5F25-4015-A780-595130F48055"
          },
          {
            "criteria": "cpe:2.3:a:doctrine-project:cache:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0E6EA11-5D22-42C7-A085-28CCF728F4C5"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:zend:zf-apigility-doctrine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "461C9713-8E45-4642-8D35-F9878F931080",
            "versionEndIncluding": "1.0.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References