7.3 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.019 Low
EPSS
Percentile
88.2%
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
osvdb.org/42071
osvdb.org/42072
plone.org/about/security/advisories/cve-2007-5741
secunia.com/advisories/27530
secunia.com/advisories/27559
www.debian.org/security/2007/dsa-1405
www.securityfocus.com/archive/1/483343/100/0/threaded
www.securityfocus.com/bid/26354
www.vupen.com/english/advisories/2007/3754
exchange.xforce.ibmcloud.com/vulnerabilities/38288