7.5
CVE-2007-5741
- EPSS 2.19%
- Veröffentlicht 07.11.2007 21:46:00
- Zuletzt bearbeitet 16.06.2026 22:46:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.19% | 0.801 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://osvdb.org/42071
http://osvdb.org/42072
http://plone.org/about/security/advisories/cve-2007-5741
http://secunia.com/advisories/27530
http://secunia.com/advisories/27559
http://www.debian.org/security/2007/dsa-1405
http://www.securityfocus.com/archive/1/483343/100/0/threaded
http://www.securityfocus.com/bid/26354
http://www.vupen.com/english/advisories/2007/3754
https://exchange.xforce.ibmcloud.com/vulnerabilities/38288