Description

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Remediation

References

CVE-2007-5741

Related Vulnerabilities

WordPress Plugin Auto Amazon Links-Amazon Associates Affiliate Cross-Site Scripting (4.6.19)

WordPress Plugin Groups Multiple Cross-Site Scripting Vulnerabilities (1.8.0)

WordPress Plugin 360 Product Rotation Arbitrary File Upload (1.2.4)

Dolibarr Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2020-35136)

PHP Other Vulnerability (CVE-2007-1887)

Severity

High

Classification

CVE-2007-5741 CWE-94

Tags

Missing Update Known Vulnerabilities