Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5920

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5920
Last Modified 29 Jan 2009 02:00:40
Published 20 Jan 2009 09:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5920

Summary

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

Vulnerable Systems

Application

  • Tigris Websvn 1.00

  • Tigris Websvn 1.01

  • Tigris Websvn 1.02

  • Tigris Websvn 1.03

  • Tigris Websvn 1.04

  • Tigris Websvn 1.10

  • Tigris Websvn 1.20

  • Tigris Websvn 1.31a

  • Tigris Websvn 1.32

  • Tigris Websvn 1.33

  • Tigris Websvn 1.34

  • Tigris Websvn 1.37

  • Tigris Websvn 1.38

  • Tigris Websvn 1.39

  • Tigris Websvn 1.40

  • Tigris Websvn 1.51

  • Tigris Websvn 1.60

  • Tigris Websvn 1.61

  • Tigris Websvn 1.62


References

XF - websvn-createanchors-code-execution(48168)

BID - 31891

MILW0RM - 6822

MISC - http://www.gulftech.org/?node=research&article_id=00132-10202008

SREASON - 4928


Last Updated: 27 May 2016 10:48:58