Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Contact Form Lite 'sort_row.request.php' SQL Injection (1.0.7)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)
Apache HTTP Server Resource Management Errors Vulnerability (CVE-2016-8740)
WordPress Plugin CP Reservation Calendar SQL Injection (1.1.6)