CVE-2014-1216 Information

Description

FitNesse Wiki 20131110 20140201 and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

Reference

http://secpod.org/blog/?p=2311 http://www.exploit-db.com/exploits/32568 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/