CVE-2014-1216

FitNesse Wiki <20140201 - Command Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-1216. PoCs published by SecPod Research.

AI-analyzed exploit summary: This Metasploit module exploits a remote command execution vulnerability in FitNesse Wiki by injecting malicious commands into a dynamically created wiki page. The exploit leverages the application's page creation and test execution features to achieve RCE.

Description

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by SecPod Research · ruby · remote · windows
https://www.exploit-db.com/exploits/32568

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FitNesse Wiki version 20140201 and earlier
No auth needed
Prerequisites: Network access to the target FitNesse Wiki instance · Target must be running a vulnerable version of FitNesse Wiki
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32568
Various Sources x_refsource_misc
http://secpod.org/blog/?p=2311

Scores

EPSS 0.0658
EPSS Percentile 91.4%

Details

Status published
Products (3)
fitnesse/fitnesse_wiki 20131110
fitnesse/fitnesse_wiki < 20140201
org.fitnesse/fitnesse 20131110 - 20140418 (Maven)
Published Apr 22, 2014
Tracked Since Feb 18, 2026