listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tigris websvn 2.0 |