Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Remediation

References

CVE-2010-1165

Related Vulnerabilities

WordPress Plugin Shortlinks by Pretty Links-Best WordPress Link Tracking Unspecified Vulnerability (2.1.8)

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (5.7.14)

WordPress Plugin Appointment Booking Calendar and Online Scheduling-BookingPress Arbitrary File Creation (1.1.5)

Django DEPRECATED: Code Vulnerability (CVE-2015-0219)

WordPress Plugin Mail On Update Cross-Site Request Forgery (5.1.0)

Severity

Critical

Classification

CVE-2010-1165 CWE-94

Tags

Missing Update Known Vulnerabilities