CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-23 23:14:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
b0e96c877abb080d7cf221c036336480ff266ccf
CVEs-PoC/2015/CVE-2015-5723.md
T
0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00

20 lines
1012 B
Markdown
Raw Blame History

### [CVE-2015-5723](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/racheyfi/phpComposerJSONGoof
- https://github.com/xthk/fake-vulnerabilities-php-composer
Reference in New Issue View Git Blame Copy Permalink