QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-3396

Back to search

CVE-2019-3396

Published: Mar 25, 2019

Modified: Oct 21, 2025

PUBLISHED

Description

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

VendorProductVersions

Atlassian

Confluence Server

affected
unspecified - < 6.6.12
affected
6.7.0 - < unspecified
affected
unspecified - < 6.12.3
affected
next of 6.13.0 - < unspecified
affected
unspecified - < 6.13.3

+2 more versions

References

46731
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now