Plone popen2 Remote Command Execution Exploit

This module exploits a remote command execution vulnerability in the Zope web application server used by Plone, by sending a specially crafted HTTP request to the affected web site. The vulnerability exists because it is possible to remotely invoke the popen2 function from the Python os package with arbitrary arguments in the context of the affected server. This can be exploited by remote unauthenticated attackers to execute arbitrary code on the vulnerable machine.
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2011-3587
Product Version: 
12.0
Released Date: 
Tuesday, January 31, 2012 - 00:00