Description

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Remediation

References

CVE-2007-5741

Related Vulnerabilities

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2017-7668)

LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-44967)

WordPress Plugin Total Security Multiple Vulnerabilities (3.4)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7078)

WordPress Plugin Shopping Cart & eCommerce Store Cross-Site Request Forgery (5.1.0)

Severity

High

Classification

CVE-2007-5741 CWE-94

Tags

Missing Update Known Vulnerabilities