2 matches found
Authentication flaw
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system...
WebSVN 2.3.2 - Unproper Metacharacters Escaping exec() Remote Command Injection
WebSVN 2.3.2 - Unproper Metacharacters Escaping exec Remote Command Injection WebSVN 2.3.2 Unproper Metacharacters Escaping exec Remote Commands Injection Vulnerability tested against: Microsoft Windows Server R2 SP2 PHP 5.3.6 VC9 with magicquotesgpc = off default Apache 2.2.17 VC9 Introduction:...