### [CVE-2008-6531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6531)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The WebWork 1 web application framework in Atlassian JIRA before 3.13.2 allows remote attackers to invoke exposed public JIRA methods via a crafted URL that is dynamically transformed into method calls, aka "WebWork 1 Parameter Injection Hole."

### POC

#### Reference
- http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2008-12-09

#### Github
No PoCs found on GitHub currently.