NVD

Id
26799  
Name
CVE-2015-5723  
Description
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2016-06-07  
Modified Date
2016-11-28  
Seq
2015-5723  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
141838 26799 CVE-2015-5723 http://framework.zend.com/security/advisory/ZF2015-07  View
141839 26799 CVE-2015-5723 DSA-3369  View
141840 26799 CVE-2015-5723 http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html  View
141841 26799 CVE-2015-5723 FEDORA-2016-fa7e683c6e  View
141842 26799 CVE-2015-5723 FEDORA-2016-8dc0af2c29  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
11879 JVNDB-2015-007199 複数の Doctrine 製品における追加の権限で任意の PHP コードを実行される脆弱性 複数の Doctrine 製品は、キャッシュディレクトリに誰でも書き込み可能な (world-writable) パーミッションを使用するため、追加の権限で任意の PHP コードを実行される脆弱性が存在します。 CVE-2015-5723 82948 CVE-2015-5723 26799 7.2 7.8 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-007199.html 2015-08-31 2016-06-09 View