CVE-2007-5741
CRITICAL9.8EPSS 3.6%zope-cmfplone - arbitrary code
Published: 5/1/2022Modified: 3/9/2026
Description
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Affected packages (4)
- Debian/zope-cmfplonefrom 0, < 2.5.1-4etch1
- Debian/zope-cmfplonefrom 0, < 2.5.1-4etch2
- PyPI/plone>= 2.5, < 2.5.5
- PyPI/plone>= 2.5, < 2.5.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (16)
- ADVISORYhttp://secunia.com/advisories/27530
- ADVISORYhttp://secunia.com/advisories/27559
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-5741
- ADVISORYhttp://www.vupen.com/english/advisories/2007/3754
- PATCHhttps://github.com/plone/Plone
- PATCHhttp://www.securityfocus.com/bid/26354
- WEBhttp://osvdb.org/42071
- WEBhttp://osvdb.org/42072
- WEBhttp://plone.org/about/security/advisories/cve-2007-5741
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/38288
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml
- WEBhttps://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741
- WEBhttps://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354
- WEBhttps://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded
- WEBhttp://www.debian.org/security/2007/dsa-1405
- WEBhttp://www.securityfocus.com/archive/1/483343/100/0/threaded