Vulnerability Details CVE-2008-5920
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://securityreason.com/securityalert/4928
- http://www.gulftech.org/?node=research&article_id=00132-10202008
- http://www.securityfocus.com/bid/31891
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48168
- https://www.exploit-db.com/exploits/6822
- http://securityreason.com/securityalert/4928
- http://www.gulftech.org/?node=research&article_id=00132-10202008
- http://www.securityfocus.com/bid/31891
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48168
- https://www.exploit-db.com/exploits/6822
Products affected by CVE-2008-5920
-
cpe:2.3:a:tigris:websvn:1.00
-
cpe:2.3:a:tigris:websvn:1.01
-
cpe:2.3:a:tigris:websvn:1.02
-
cpe:2.3:a:tigris:websvn:1.03
-
cpe:2.3:a:tigris:websvn:1.04
-
cpe:2.3:a:tigris:websvn:1.10
-
cpe:2.3:a:tigris:websvn:1.20
-
cpe:2.3:a:tigris:websvn:1.31a
-
cpe:2.3:a:tigris:websvn:1.32
-
cpe:2.3:a:tigris:websvn:1.33
-
cpe:2.3:a:tigris:websvn:1.34
-
cpe:2.3:a:tigris:websvn:1.37
-
cpe:2.3:a:tigris:websvn:1.38
-
cpe:2.3:a:tigris:websvn:1.39
-
cpe:2.3:a:tigris:websvn:1.40
-
cpe:2.3:a:tigris:websvn:1.51
-
cpe:2.3:a:tigris:websvn:1.60
-
cpe:2.3:a:tigris:websvn:1.61
-
cpe:2.3:a:tigris:websvn:1.62