Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Remediation
References