QwikSec

Security Database

CVE

CWE

Training

CVE-2024-28125

Published: Mar 18, 2024

Modified: Sep 19, 2025

PUBLISHED

Description

FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation.

Vendor	Product	Versions
unclebob	FitNesse	affected `all releases`

Weaknesses (CWE)

References

https://github.com/unclebob/fitnesse

http://fitnesse.org/FitNesseDownload

https://github.com/unclebob/fitnesse/blob/master/SECURITY.md

https://jvn.jp/en/jp/JVN94521208/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.