CVE-2014-1216

EPSS 6.6%

Improper Neutralization of Special Elements used in a Command in FitNesse Wiki

發布日:2022/5/17修改日:2024/12/7

描述

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

受影響套件(1)

Maven/org.fitnesse:fitnesse>= 20131110, < 20140418

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-1216
WEBhttp://www.exploit-db.com/exploits/32568