The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
Max CVSS
7.5
EPSS Score
1.05%
Published
2009-01-21
Updated
2017-09-29
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
Max CVSS
6.8
EPSS Score
0.58%
Published
2009-01-21
Updated
2017-09-29
Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Max CVSS
4.3
EPSS Score
0.61%
Published
2009-01-21
Updated
2017-09-29
3 vulnerabilities found