CVE-2008-5920

NONE
Published Jan 21, 200917y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jan 21, 2009 17y ago
Last Modified Jun 16, 2026 2w ago

Description

The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

Affected Products 19

VendorProductVersionRange
tigriswebsvn1.00any
tigriswebsvn1.01any
tigriswebsvn1.02any
tigriswebsvn1.03any
tigriswebsvn1.04any
tigriswebsvn1.10any
tigriswebsvn1.20any
tigriswebsvn1.31aany
tigriswebsvn1.32any
tigriswebsvn1.33any
tigriswebsvn1.34any
tigriswebsvn1.37any
tigriswebsvn1.38any
tigriswebsvn1.39any
tigriswebsvn1.40any
tigriswebsvn1.51any
tigriswebsvn1.60any
tigriswebsvn1.61any
tigriswebsvn1.62any

References 5

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.