
CVE-2007-5741

Published: 07/11/2007 Updated: 15/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Vulnerable Product

plone plone 2.5

plone plone 2.5.1

plone plone 2.5_beta1

plone plone 3.0

plone plone 3.0.1

plone plone 3.0.2

plone plone 2.5.1_rc

plone plone 2.5.4

Vendor Advisories

It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies. The oldstable distribution (sarge) is not affected by this problem. For the stable distribution (etch) this problem has been fixed in version 251-4etch3. For the unstable distribution (sid) th ...