Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Remediation

References

CVE-2010-1165

Related Vulnerabilities

Atlassian Jira CVE-2018-5231 Vulnerability (CVE-2018-5231)

WordPress Plugin Sidebar Login Cross-Site Scripting (2.3.6)

WordPress Plugin Portfolio-WordPress Portfolio Cross-Site Request Forgery (2.8.8)

WordPress Plugin RegistrationMagic-Custom Registration Forms, User Registration, Payment, and User Login Security Bypass (5.0.1.7)

WordPress Plugin SB Uploader Arbitrary File Upload (3.2)

Severity

Critical

Classification

CVE-2010-1165 CWE-94

Tags

Missing Update Known Vulnerabilities