A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
References
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2021-10-26T12:10:00

Updated: 2024-08-06T22:53:17.304Z

Reserved: 2011-05-31T00:00:00

Link: CVE-2011-2195

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-26T13:15:07.167

Modified: 2024-11-21T01:27:47.537

Link: CVE-2011-2195

cve-icon Redhat

No data.