Vulnerabilities > Tigris > Websvn > 1.31a
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-21 | CVE-2008-5920 | Code Injection vulnerability in Tigris Websvn The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch. | 7.5 |
2009-01-21 | CVE-2008-5919 | Path Traversal vulnerability in Tigris Websvn Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter. | 6.8 |
2009-01-21 | CVE-2008-5918 | Cross-Site Scripting vulnerability in Tigris Websvn Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |