Plone Arbitrary Code Execution via Unsafe Handling of Pickles

🗓️ 01 May 2022 18:36:14Reported by GitHub Advisory DatabaseType

Plone allows arbitrary code execution via unsafe pickle handlin

Reporter	Title	Published	Views	Family All 28
CVE	CVE-2007-5741	7 Nov 200721:00	–	cve
Cvelist	CVE-2007-5741	7 Nov 200721:00	–	cvelist
Debian	[SECURITY] [DSA 1405-1] New zope-cmfplone packages fix arbitrary code execution	9 Nov 200722:38	–	debian
Debian	[SECURITY] [DSA 1405-2] New zope-cmfplone packages fix regression	11 Nov 200716:43	–	debian
Debian	[SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression	27 Dec 200721:21	–	debian
Tenable Nessus	Debian DSA-1405-3 : zope-cmfplone - missing input sanitising	12 Nov 200700:00	–	nessus
Tenable Nessus	FreeBSD : plone -- unsafe data interpreted as pickles (ffba6ab0-90b5-11dc-9835-003048705d5a)	12 Nov 200700:00	–	nessus
EUVD	EUVD-2007-0002	7 Oct 202500:30	–	euvd
FreeBSD	plone -- unsafe data interpreted as pickles	6 Nov 200700:00	–	freebsd
NVD	CVE-2007-5741	7 Nov 200721:46	–	nvd

Vulners

Node

plone ploneRange3.0–3.0.2pip

plone ploneRange2.5–2.5.4pip

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2007-5741
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/38288
debian	www.debian.org/security/2007/dsa-1405
web	www.web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741
web	www.web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354
web	www.web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded
github	www.github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml
plone	www.plone.org/about/security/advisories/cve-2007-5741
github	www.github.com/advisories/GHSA-hf26-vvmx-x8c8

26 Nov 2024 16:50Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

EPSS0.0361