CVE-2008-5920

Name of the Vulnerable Software and Affected Versions WebSVN versions 1.x

Description The issue allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg replace function with the eval switch. This is due to a problem in the create anchors function in utils.inc.

Recommendations For WebSVN version 1.x, consider disabling the create anchors function in utils.inc until a patch is available to prevent the execution of arbitrary PHP code. Restrict access to the preg replace function with the eval switch to minimize the risk of exploitation. Avoid using the username variable in the affected function until the issue is resolved.