Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gxgu-mp2h-hfe1
Vulnerability ID VCID-gxgu-mp2h-hfe1
Aliases CVE-2007-5741
GHSA-hf26-vvmx-x8c8
PYSEC-2007-4
Summary Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://osvdb.org/42071
http://osvdb.org/42072
http://plone.org/about/security/advisories/cve-2007-5741
http://secunia.com/advisories/27530
http://secunia.com/advisories/27559
https://exchange.xforce.ibmcloud.com/vulnerabilities/38288
https://github.com/plone/Plone
https://github.com/pypa/advisory-database/tree/main/vulns/plone/PYSEC-2007-4.yaml
https://web.archive.org/web/20080517012557/http://www.securityfocus.com/bid/26354
https://web.archive.org/web/20080906150436/http://www.securityfocus.com/archive/1/483343/100/0/threaded
http://www.debian.org/security/2007/dsa-1405
http://www.securityfocus.com/archive/1/483343/100/0/threaded
http://www.securityfocus.com/bid/26354
http://www.vupen.com/english/advisories/2007/3754
CVE-2007-5741 https://nvd.nist.gov/vuln/detail/CVE-2007-5741
CVE-2007-5741 https://web.archive.org/web/20080507055819/https://plone.org/about/security/advisories/cve-2007-5741
GHSA-hf26-vvmx-x8c8 https://github.com/advisories/GHSA-hf26-vvmx-x8c8
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:03:06.673007+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/plone/PYSEC-2007-4.yaml 38.6.0