Description
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
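The defensive counterpart to the flaw described above, as an added example that is not Plone's code or its actual fix: status messages carried in client-supplied data are serialized as JSON and authenticated with an HMAC, so nothing received from the network is ever passed to `pickle`. The key, the function names and the `(text, type)` message layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret; this value is constructed for the demo.
SECRET_KEY = b"constructed-demo-key-not-for-production"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


class InvalidPayload(ValueError):
    """Raised when client-supplied data fails authentication or validation."""


def encode_messages(messages, key=SECRET_KEY):
    """Serialize [(text, type), ...] as JSON and prepend an HMAC-SHA256 tag."""
    body = json.dumps(messages, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag + body).decode("ascii")


def decode_messages(value, key=SECRET_KEY, max_len=4096):
    """Authenticate first, then parse as data only. Never unpickles input."""
    if len(value) > max_len:
        raise InvalidPayload("payload too large")
    try:
        raw = base64.urlsafe_b64decode(value.encode("ascii"))
    except ValueError as exc:  # covers binascii.Error and UnicodeEncodeError
        raise InvalidPayload("not valid base64") from exc
    tag, body = raw[:TAG_LEN], raw[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise InvalidPayload("bad signature")
    try:
        data = json.loads(body.decode("utf-8"))
    except ValueError as exc:  # covers JSONDecodeError and UnicodeDecodeError
        raise InvalidPayload("not valid JSON") from exc
    # Schema check: accept only a list of [str, str] pairs.
    if not isinstance(data, list) or not all(
        isinstance(m, list) and len(m) == 2
        and all(isinstance(s, str) for s in m)
        for m in data
    ):
        raise InvalidPayload("unexpected structure")
    return [tuple(m) for m in data]
```

JSON can only yield plain data types, and the HMAC check rejects anything the server did not produce itself before parsing begins.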
Remediation
References