Description

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments), (2) index (aka indexing), or (3) backup path and then uploading a file, as exploited in the wild in April 2010.

Remediation

References

CVE-2010-1165

Related Vulnerabilities

ownCloud Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-0299)

WordPress Plugin Calendar Event Multi View Multiple SQL Injection Vulnerabilities (1.1.7)

WordPress Plugin IMPress Listings Cross-Site Scripting (2.0.1)

PHP Other Vulnerability (CVE-2010-0397)

WordPress Plugin Revive Old Post-Auto Post to Social Media Security Bypass (6.9.3)

Severity

Critical

Classification

CVE-2010-1165 CWE-94

Tags

Missing Update Known Vulnerabilities