Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Remediation

References

CVE-2010-1165

Related Vulnerabilities

Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14175)

Sqlite Out-of-bounds Write Vulnerability (CVE-2020-15358)

WordPress Plugin Embedded Video 'lembedded-video.php' Cross-Site Scripting (4.1)

Joomla CVE-2019-14654 Vulnerability (CVE-2019-14654)

Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2014-7143)

Severity

Critical

Classification

CVE-2010-1165 CWE-94

Tags

Missing Update Known Vulnerabilities