Описание
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
9.3 Critical
CVSS2
Дефекты
Связанные уязвимости
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the ...
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system.
EPSS
9.8 Critical
CVSS3
9.3 Critical
CVSS2