PT-2014-4018 · Fitnesse · Fitnesse Wiki

Published

2014-04-21

Updated

2022-05-17

CVE-2014-1216

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions FitNesse Wiki versions 20131110, 20140201, and earlier

Description The issue allows remote attackers to execute arbitrary commands. This is achieved by defining a COMMAND PATTERN and TEST RUNNER in the pageContent parameter when editing a page.

Recommendations For FitNesse Wiki versions 20131110, 20140201, and earlier, consider restricting access to the page editing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2014-1216

GHSA-MPX3-MX2P-9GV3

Affected Products

Fitnesse Wiki

PT-2014-4018 · Fitnesse · Fitnesse Wiki

CVE-2014-1216

Weakness Enumeration

Related Identifiers

Affected Products

References · 6