Websvn

websvn

Vendor: Tigris • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-0240 1Tigris 1Websvn Apr 23, 2026 Jan 21, 2009 N/A· v4 N/A· v3 3.5 LOW· v2 listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
CVE-2008-5920 1Tigris 1Websvn Apr 23, 2026 Jan 21, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
CVE-2008-5919 1Tigris 1Websvn Apr 23, 2026 Jan 21, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
CVE-2008-5918 1Tigris 1Websvn Apr 23, 2026 Jan 21, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.