Plone 2.5 up to and including 2.5.4 and 3.0 up to and including 3.0.2 allows remote malicious users to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
plone plone 2.5 |
||
plone plone 2.5.1 |
||
plone plone 2.5_beta1 |
||
plone plone 3.0 |
||
plone plone 3.0.1 |
||
plone plone 3.0.2 |
||
plone plone 2.5.1_rc |
||
plone plone 2.5.4 |