CVE-2014-1216

EPSS 6.6%

Improper Neutralization of Special Elements used in a Command in FitNesse Wiki

Published: 5/17/2022Modified: 12/7/2024

Description

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

Affected packages (1)

Maven/org.fitnesse:fitnesse>= 20131110, < 20140418

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-1216
WEBhttp://www.exploit-db.com/exploits/32568