Vulnerability Details CVE-2007-5741
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/42071
- http://osvdb.org/42072
- http://plone.org/about/security/advisories/cve-2007-5741
- http://secunia.com/advisories/27530
- http://secunia.com/advisories/27559
- http://www.debian.org/security/2007/dsa-1405
- http://www.securityfocus.com/archive/1/483343/100/0/threaded
- http://www.securityfocus.com/bid/26354
- http://www.vupen.com/english/advisories/2007/3754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
- http://osvdb.org/42071
- http://osvdb.org/42072
- http://plone.org/about/security/advisories/cve-2007-5741
- http://secunia.com/advisories/27530
- http://secunia.com/advisories/27559
- http://www.debian.org/security/2007/dsa-1405
- http://www.securityfocus.com/archive/1/483343/100/0/threaded
- http://www.securityfocus.com/bid/26354
- http://www.vupen.com/english/advisories/2007/3754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
Products affected by CVE-2007-5741
-
cpe:2.3:a:plone:plone:2.5
-
cpe:2.3:a:plone:plone:2.5.1
-
cpe:2.3:a:plone:plone:2.5.1_rc
-
cpe:2.3:a:plone:plone:2.5.4
-
cpe:2.3:a:plone:plone:2.5_beta1
-
cpe:2.3:a:plone:plone:3.0
-
cpe:2.3:a:plone:plone:3.0.1
-
cpe:2.3:a:plone:plone:3.0.2