Tigris

Websvn

4 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2008-5918

Exploit
  • EPSS 8.07%
  • Published 21.01.2009 02:30:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

6.8

CVE-2008-5919

Exploit
  • EPSS 6.66%
  • Published 21.01.2009 02:30:00
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

7.5

CVE-2008-5920

Exploit
  • EPSS 1.89%
  • Published 21.01.2009 02:30:00
  • Last modified 09.04.2025 00:30:58

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

3.5

CVE-2009-0240

  • EPSS 0.41%
  • Published 21.01.2009 02:30:00
  • Last modified 09.04.2025 00:30:58

listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.