CVE-2007-5741

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Link	Resource
http://plone.org/about/security/advisories/cve-2007-5741
http://www.securityfocus.com/bid/26354	Patch
http://secunia.com/advisories/27530	Patch Vendor Advisory
http://www.debian.org/security/2007/dsa-1405
http://secunia.com/advisories/27559
http://osvdb.org/42072
http://osvdb.org/42071
http://www.vupen.com/english/advisories/2007/3754
https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
http://www.securityfocus.com/archive/1/483343/100/0/threaded

Configuration 1

cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:* cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:* cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:* cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:* cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:* cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*

---

Published : 2007-11-07 09:46

Updated : 2018-10-15 09:46

---

NVD link : CVE-2007-5741

Mitre link : CVE-2007-5741

No products.

CWE-915