CVE-2014-1216
FitNesse Wiki <20140201 - Command Injection
Title source: llmDescription
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by SecPod Research · rubyremotewindows
https://www.exploit-db.com/exploits/32568
Scores
EPSS
0.0658
EPSS Percentile
91.2%
Details
Status
published
Products (3)
fitnesse/fitnesse_wiki
20131110
fitnesse/fitnesse_wiki
< 20140201
org.fitnesse/fitnesse
20131110 - 20140418Maven
Published
Apr 22, 2014
Tracked Since
Feb 18, 2026