Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Zend产品本地提权漏洞
Vulnerability Description
多款Doctrine产品中存在安全漏洞,该漏洞源于程序为缓存目录分配全局可写权限。本地攻击者可借助特制的应用程序(umask设为0并将缓存条目以代码形式执行)利用该漏洞以附加权限执行任意PHP代码。以下产品及版本受到影响:Doctrine Annotations 1.2.7之前版本,Cache 1.3.2之前版本和1.4.2之前1.4.x版本,Common 2.4.3之前版本和2.5.1之前2.5.x版本,ORM 2.4.8之前版本和2.5.1之前2.5.x版本,MongoDB ODM 1.0.2之前版本
CVSS Information
N/A
Vulnerability Type
N/A