Hipchat server versions prior to 2.2.3 suffer from a remote code execution vulnerability that can be leveraged via Administrative Imports.