Description
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
Remediation
References
Related Vulnerabilities
WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)
WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.0.10)
Moodle Other Vulnerability (CVE-2012-2366)
WordPress Plugin Wbcom Designs-BuddyPress Group Reviews Security Bypass (2.8.3)
WordPress 4.3.x Cross-Domain Flash Injection Vulnerability (4.3 - 4.3.14)