Unrated severityNVD Advisory· Published Jan 21, 2009· Updated Apr 23, 2026
CVE-2008-5920
CVE-2008-5920
Description
The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
Affected products
19cpe:2.3:a:tigris:websvn:1.00:*:*:*:*:*:*:*+ 18 more
- cpe:2.3:a:tigris:websvn:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.31a:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.37:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.38:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.39:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:tigris:websvn:1.62:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.