CVE-2007-5741
CVSS 7.5 · HIGH
Summary
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
CVSS 2.0 breakdown
| Base score | 7.5 (HIGH) |
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
Plone plone
References
- http://osvdb.org/42071
- http://osvdb.org/42072
- http://plone.org/about/security/advisories/cve-2007-5741
- http://secunia.com/advisories/27530
- http://secunia.com/advisories/27559
- http://www.debian.org/security/2007/dsa-1405
- http://www.securityfocus.com/archive/1/483343/100/0/threaded
- http://www.securityfocus.com/bid/26354
- http://www.vupen.com/english/advisories/2007/3754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.