Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
websvn 操作系统命令注入漏洞
Vulnerability Description
websvn是一个应用软件。一个在线Subversion存储库浏览器。 WebSVN 中存在操作系统命令注入漏洞。该漏洞源于在 WebSVN 2.3.2 中发现了一个缺陷。在没有事先认证的情况下,如果在 config.php 中启用了“allowDownload”选项,攻击者可以调用 dl.php 脚本并传递一个格式良好的“path”参数来针对底层操作系统执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A