Description
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allow remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Remediation
References