CVE-2014-1216 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-1216

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

Affected Software

Name	Vendor	Start Version	End Version
Fitnesse_wiki	Fitnesse	*	20140201 (including)
Fitnesse_wiki	Fitnesse	20131110 (including)	20131110 (including)

References

http://secpod.org/blog/?p=2311
http://www.exploit-db.com/exploits/32568
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/
http://secpod.org/blog/?p=2311
http://www.exploit-db.com/exploits/32568
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/