FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fitnesse | fitnesse_wiki | * |
| fitnesse | fitnesse_wiki | 20131110 |