
CVE-2013-2088

Published: 31/07/2013 Updated: 30/10/2018
CVSS v2 Base Score: 7.1 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 715
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Vulnerability Summary

contrib/hook-scripts/svn-keyword-check.pl in Subversion prior to 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

Vulnerable Product

apache subversion 1.6.3

apache subversion 1.6.2

apache subversion 1.6.10

apache subversion 1.6.9

apache subversion 1.6.20

apache subversion 1.6.19

apache subversion 1.6.6

apache subversion 1.6.5

apache subversion 1.6.13

apache subversion 1.6.12

apache subversion 1.6.18

apache subversion 1.6.16

apache subversion 1.6.8

apache subversion 1.6.0

apache subversion 1.6.7

apache subversion 1.6.1

apache subversion 1.6.4

apache subversion 1.6.15

apache subversion 1.6.11

apache subversion

apache subversion 1.6.14

apache subversion 1.6.17

collabnet subversion 1.6.17

opensuse opensuse 11.4

Vendor Advisories

Debian Bug report logs - #711033 CVE-2013-2112 CVE-2013-1968 Package: subversion; Maintainer for subversion is James McCoy <jamessan@debian.org>; Source for subversion is src:subversion (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Tue, 4 Jun 2013 07:42:01 UTC Severity: grave Tags: pa ...
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename ...

Exploits

# This is an exploit for the subversion vulnerability published as CVE-2013-2088 # Author: GlacierZ0ne (kai@ktechnologiesde) # Exploit Type: Code Execution # Access Type: Authenticated Remote Exploit # Prerequisites: svn command line client available, # subversion server exposes webdav through apache, # user/pass ...

Mailing Lists

Subversion versions 1.6.6 and 1.6.12 suffer from a code execution vulnerability ...