{"id":"CVE-2020-15145","details":"In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing `C:\\ProgramData\\ComposerSetup\\bin\\composer.bat` in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the `C:\\ProgramData\\ComposerSetup\\bin` folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability.","modified":"2026-03-14T10:29:00.621910Z","published":"2020-08-14T17:15:14.377Z","related":["GHSA-wgrx-r3qv-332c"],"references":[{"type":"ADVISORY","url":"https://github.com/composer/windows-setup/security/advisories/GHSA-wgrx-r3qv-332c"},{"type":"FIX","url":"https://github.com/composer/windows-setup/commit/ca9f1435d368e3377e82d60ef0c7b795afa9f804"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/composer/windows-setup","events":[{"introduced":"0"},{"fixed":"d5c8ad0500be931a7b7d86d40d78da25a0fba5aa"},{"fixed":"ca9f1435d368e3377e82d60ef0c7b795afa9f804"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.0.0"}]}}],"versions":["v2.1","v2.2","v2.3","v2.4","v2.5","v2.6","v2.7","v2.8","v3.0","v4.1.0","v4.10.0","v4.2.0","v4.3.0","v4.4.0","v4.5.0","v4.6.0","v4.7.0","v4.8.0","v4.9.0","v5.0.0","v5.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15145.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"}]}