Nospam

**Name of the Vulnerable Software and Affected Versions** WebSVN version 2.3.2 **Description** A flaw was found in WebSVN. Without prior authentication, if the `allowDownload` option is enabled in config.php, an attacker can invoke the "dl.php" script and pass a well-formed `path` argument to execute arbitrary commands against the underlying operating system. **Recommendations** For WebSVN version 2.3.2, consider disabling the `allowDownload` option in config.php as a temporary workaround to prevent exploitation. Restrict access to the dl.php script to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.