Description

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Remediation

References

CVE-2007-5741

Related Vulnerabilities

Nginx Out-of-bounds Read Vulnerability (CVE-2023-27730)

Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5690)

WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)

WordPress Plugin Sticky Menu on Scroll, Sticky Header, Sticky Welcome Bar for Any Theme-myStickymenu Unspecified Vulnerability (2.1.4)

WordPress Plugin Custom Content Type Manager Backdoor (0.9.8.8)

Severity

High

Classification

CVE-2007-5741 CWE-94

Tags

Missing Update Known Vulnerabilities