CVE-2008-5920
NONE
Published Jan 21, 200917y ago · Modified Jun 16, 20262w ago
Published Jan 21, 2009 17y ago
Last Modified Jun 16, 2026 2w ago
Description
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
Threat Intelligence
No active exploitation signals — not in CISA KEV and no EPSS score yet.
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-94 Improper Control of Generation of Code (Code Injection) Injection
Affected Products 19
| Vendor | Product | Version | Range |
|---|---|---|---|
| tigris | websvn | 1.00 | any |
| tigris | websvn | 1.01 | any |
| tigris | websvn | 1.02 | any |
| tigris | websvn | 1.03 | any |
| tigris | websvn | 1.04 | any |
| tigris | websvn | 1.10 | any |
| tigris | websvn | 1.20 | any |
| tigris | websvn | 1.31a | any |
| tigris | websvn | 1.32 | any |
| tigris | websvn | 1.33 | any |
| tigris | websvn | 1.34 | any |
| tigris | websvn | 1.37 | any |
| tigris | websvn | 1.38 | any |
| tigris | websvn | 1.39 | any |
| tigris | websvn | 1.40 | any |
| tigris | websvn | 1.51 | any |
| tigris | websvn | 1.60 | any |
| tigris | websvn | 1.61 | any |
| tigris | websvn | 1.62 | any |
References 5
- securityreason.com http://securityreason.com/securityalert/4928
- gulftech.org http://www.gulftech.org/?node=research&article_id=00132-10202008
- securityfocus.com http://www.securityfocus.com/bid/31891
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/48168
- exploit-db.com https://www.exploit-db.com/exploits/6822
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.