2021-10-26 12:10:00
redhat
PUBLISHED
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the allowDownload option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed path argument to execute arbitrary commands against the underlying operating system.