CVE-2015-5723: Annotations vulnerability

CWE-264 | 11 documents | 7 sources
Severity: 7.8 HIGH (NVD)
EPSS: 0.0% (top 90.39%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jun 7
Latest update: May 17

Description

Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (20 packages)

Packagist: doctrine/cache 1.4.0 1.4.2 (+1)
Packagist: doctrine/mongodb-odm-bundle < 3.0.1
Packagist: doctrine/mongodb-odm < 1.0.2

Also affects: Debian Linux 7.0, 8.0

Vulnerability Details (4)

GHSA: Doctrine Security Misconfiguration Vulnerability (2022-05-17)
OSV: Doctrine Security Misconfiguration Vulnerability (2022-05-17)
OSV: CVE-2015-5723: Doctrine Annotations before 1 (2016-06-07)
CVEList: CVE-2015-5723: Doctrine Annotations before 1 (2016-06-07)

Vendor Advisories (1)

Debian: CVE-2015-5723: doctrine - Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Co... (2015)

Threat Intelligence (1)

Wiz: GHSA-27qh-8cxx-2cr5 Impact, Exploitability, and Mitigation Steps | Wiz

Community (4)

Bugzilla: CVE-2015-5723 php-ZendFramework: filesystem permissions issues in multiple components (ZF2015-07) (2015-10-06)
Bugzilla: CVE-2015-5723 php-ZendFramework: various flaws [epel-all] (2015-10-06)
Bugzilla: CVE-2015-5723 php-ZendFramework2: php-ZendFramework: filesystem permissions issues in multiple components (ZF2015-07) [epel-6] (2015-10-06)
Bugzilla: CVE-2015-5723 php-ZendFramework: various flaws [fedora-all] (2015-10-06)