Description
Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by GulfTech Security · textwebappsphp
https://www.exploit-db.com/exploits/6822
References (10)
Core 10
Core References
Issue Tracking x_refsource_confirm
http://websvn.tigris.org/issues/show_bug.cgi?id=179
Patch x_refsource_confirm
http://websvn.tigris.org/servlets/NewsItemView?newsItemID=2218
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34191
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6822
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46050
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200903-20.xml
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31891
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4928
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32338
Exploit x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00132-10202008
Scores
EPSS
0.0783
EPSS Percentile
92.0%
Details
CWE
CWE-22
Status
published
Products (20)
tigris/websvn
1.00
tigris/websvn
1.01
tigris/websvn
1.02
tigris/websvn
1.03
tigris/websvn
1.04
tigris/websvn
1.10
tigris/websvn
1.20
tigris/websvn
1.31a
tigris/websvn
1.32
tigris/websvn
1.33
... and 10 more
Published
Jan 21, 2009
Tracked Since
Feb 18, 2026