PT-2017-1613 · Apache+4 · Apache2Handler+6
Published: 2017-03-02 · Updated: 2022-08-16
CVE-2015-8994
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHP versions prior to 5.6.28
PHP versions prior to 7.0.13
Description
The issue exists due to inadequate access control when child processes inherit the shared cache of compiled script bytecode (opcode) in PHP configurations using apache2handler/mod_php or php-fpm with OpCache enabled. This could allow a remote attacker to elevate their privileges. In shared-hosting configurations where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object that child PHP processes use to cache and retrieve compiled script bytecode. This can defeat script file permissions and potentially allow access to sensitive information, such as CMS configurations.
Recommendations
For PHP versions prior to 5.6.28, consider setting opcache.validate_permission=1 in a non-default configuration to resolve the issue.
For PHP versions prior to 7.0.13, consider setting opcache.validate_permission=1 in a non-default configuration to resolve the issue.
As a temporary workaround, consider disabling the OpCache until a patch is available.
Restrict access to sensitive PHP scripts to minimize the risk of exploitation.
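An added example, not part of the original advisory or of PHP itself: a Python check that classifies php.ini text against the two configuration recommendations above (opcache.validate_permission=1, or OpCache disabled). It assumes the OpCache extension is loaded, that the input is the ini files concatenated in load order, and that unset directives take PHP's defaults (opcache.enable on, opcache.validate_permission off); the function names, result labels and sample files are constructed for illustration.

```python
import re

TRUE_VALUES = {"1", "on", "yes", "true"}  # php.ini spellings of boolean "on"

def parse_ini(text):
    """Map directive -> value for php.ini text; a later assignment overrides."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:  # section headers such as [opcache] do not match and are skipped
            settings[m.group(1)] = m.group(2).strip().strip("\"'")
    return settings

def is_on(settings, name, default):
    """Evaluate a boolean directive, falling back to the assumed PHP default."""
    return settings.get(name, default).lower() in TRUE_VALUES

def audit_opcache(text):
    """Classify the configuration with respect to the shared OpCache issue."""
    s = parse_ini(text)
    if not is_on(s, "opcache.enable", "1"):
        return "opcache-disabled"        # the temporary workaround
    if is_on(s, "opcache.validate_permission", "0"):
        return "permission-validated"    # the recommended setting
    return "shared-cache-unchecked"      # cache shared without permission checks

# Constructed sample configurations (not taken from any real host).
WEAK = """[opcache]
zend_extension=opcache.so
opcache.enable=1
;opcache.validate_permission=1
"""
HARDENED = WEAK + "opcache.validate_permission = On ; site override\n"
WORKAROUND = "opcache.enable=0\n"

if __name__ == "__main__":
    for name, ini in (("weak", WEAK), ("hardened", HARDENED),
                      ("workaround", WORKAROUND)):
        print(f"{name}: {audit_opcache(ini)}")
```

The commented-out directive in the weak sample is reported as unset, which is the case most likely to be misread when reviewing a php.ini by eye.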
Affected Products
PHP
SUSE
Ubuntu
Zend OpCache
Apache2Handler
mod_php
php-fpm