Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Atlassian Jira Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2010-1165 - Vulnerability Database
Atlassian Jira

Atlassian Jira Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2010-1165

Critical
Reference: CVE-2010-1165
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2010-1165
Title: Atlassian Jira Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

Atlassian JIRA 3.12 through 4.1 allows remote authenticated administrators to execute arbitrary code by modifying the (1) attachment (aka attachments) (2) index (aka indexing) or (3) backup path and then uploading a file as exploited in the wild in April 2010.