Description
Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.
Remediation
References
Related Vulnerabilities
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29211)
MySQL CVE-2023-22046 Vulnerability (CVE-2023-22046)
WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.16)
WordPress 6.2 Multiple Vulnerabilities (6.2)
MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2018-0504)