CVE: CVE-2007-5741

Export to Word

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.03388
Percentile: 0.86886

CVSS Scoring

CVSS v2 Score: 7.5

Severity:

Mapped CWE(s)

CWE-94 : Improper Control of Generation of Code ('Code Injection')

All CAPEC(s)

CAPEC-242: Code Injection
CAPEC-35: Leverage Executable Code in Non-Executable Files
CAPEC-77: Manipulating User-Controlled Variables

CAPEC(s) with Mapped TTPs

CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
- T1027.006 : HTML Smuggling
- T1027.009 : Embedded Payloads
- T1564.009 : Resource Forking

Mapped ATT&CK TTPs

T1027.006 : HTML Smuggling
Kill Chain: defense-evasion
T1027.009 : Embedded Payloads
Kill Chain: defense-evasion
T1564.009 : Resource Forking
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

C0021

Affected Products

cpe:2.3:a:plone:plone:2.5:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.1_rc:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:2.5_beta1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:plone:plone:3.0.2:*:*:*:*:*:*:*

← Back to Home