Plone "statusmessages" and "linkintegrity" Modules Command Execution
VUPEN ID : VUPEN/ADV-2007-3754
CVE ID : CVE-2007-5741
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-06
Technical Description
A vulnerability has been identified in Plone, which could be exploited by remote attackers to compromise a vulnerable system. The issue is caused by input validation errors in the "statusmessages" and "linkintegrity" modules, which interpret unsafe network data as Python pickles. Remote attackers could exploit this to execute arbitrary commands with the privileges of the Zope/Plone process.
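Unpickling can import and call objects named in the stream, which is why feeding it network data leads to command execution. The following added example (not Plone's code or its fix; function names and sample data are constructed for illustration) shows two defensive checks: a static scan for the opcodes involved, and an unpickler that refuses every import.

```python
import io
import pickle
import pickletools
from collections import OrderedDict

# Pickle opcodes that import a global or construct/call an object on load.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "INST", "OBJ",
             "NEWOBJ", "NEWOBJ_EX", "REDUCE", "BUILD"}


def risky_opcodes(data):
    """List risky opcodes in a pickle stream without executing it."""
    return [op.name for op, _arg, _pos in pickletools.genops(data)
            if op.name in RISKY_OPS]


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every import, leaving only plain data types."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "global %s.%s is forbidden" % (module, name))


def safe_loads(data):
    """Deserialize data, rejecting any pickle that references a global."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


# Constructed samples: a plain message list, and a harmless pickle that
# still needs an import plus a call (the mechanism an attacker would abuse).
PLAIN = pickle.dumps([("info", "Changes saved.")])
NEEDS_IMPORT = pickle.dumps(OrderedDict())

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN), ("needs import", NEEDS_IMPORT)):
        print(label, risky_opcodes(blob))
        try:
            print("  loaded:", safe_loads(blob))
        except pickle.UnpicklingError as exc:
            print("  rejected:", exc)
```

The restricted unpickler only limits what a stream may import; a serialization format that cannot express imports or calls avoids the exposure altogether.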