PT-2021-8348 · Websvn · Websvn

Nospam · Published 2021-10-26 · Updated 2021-10-29 · CVE-2011-2195

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

WebSVN version 2.3.2

Description

A flaw was found in WebSVN. Without prior authentication, if the allowDownload option is enabled in config.php, an attacker can invoke the "dl.php" script and pass a well-formed path argument to execute arbitrary commands against the underlying operating system.

Recommendations

For WebSVN version 2.3.2, consider disabling the allowDownload option in config.php as a temporary workaround to prevent exploitation. Restrict access to the dl.php script to minimize the risk of arbitrary command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
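
A check an administrator could run while applying the workaround above, added here as an example and not part of the original advisory or of WebSVN: it reports whether config.php still contains an active allowDownload call and lists every logged request to dl.php with its decoded path argument for review. The `$config->allowDownload();` call form, the combined access-log format and all sample data are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# PHP string literals are matched first so comment markers inside them survive.
_TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*""",
    re.DOTALL,
)
_REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def download_enabled(config_php: str) -> bool:
    """True if an allowDownload call remains once PHP comments are removed."""
    active = _TOKEN.sub(
        lambda m: m.group(0) if m.group(0)[0] in "'\"" else " ", config_php)
    return re.search(r"\ballowDownload\s*\(", active) is not None


def dl_requests(log_lines):
    """Return (client, decoded path argument) for each request to dl.php."""
    hits = []
    for line in log_lines:
        m = _REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group(2))
        if url.path.rsplit("/", 1)[-1].lower() == "dl.php":
            args = parse_qs(url.query, keep_blank_values=True)
            hits.append((m.group(1), args.get("path", [""])[0]))
    return hits


# Constructed samples (assumed call syntax and log format), not real data.
SAMPLE_CONFIG = """<?php
// $config->allowDownload();   left commented out
$note = 'see http://example.invalid/#faq';
/* $config->allowDownload(); */
"""
SAMPLE_CONFIG_ENABLED = SAMPLE_CONFIG + "$config->allowDownload();\n"
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Oct/2021:10:00:01 +0000] "GET /websvn/dl.php?path=%2Ftrunk%2Fdocs%2F HTTP/1.1" 200 5120',
    '192.0.2.11 - - [26/Oct/2021:10:00:05 +0000] "GET /websvn/index.php HTTP/1.1" 200 812',
    '198.51.100.7 - - [26/Oct/2021:10:01:12 +0000] "GET /websvn/DL.PHP?path=%2Fbranches%2Frel-1%2F HTTP/1.1" 200 7340',
]

if __name__ == "__main__":
    print("allowDownload active:", download_enabled(SAMPLE_CONFIG_ENABLED))
    for client, path_arg in dl_requests(SAMPLE_LOG):
        print(f"review: {client} requested dl.php with path={path_arg!r}")
```

On an installation where the option was never enabled, any logged dl.php request is still worth noting, since it shows the script is reachable from the network.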

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2011-2195

Affected Products

Websvn