Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.1
CVSSv2

CVE-2013-2088

Published: 31/07/2013 Updated: 30/10/2018
CVSS v2 Base Score: 7.1 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 715
Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Subscribe to Subversion

Vulnerability Summary

contrib/hook-scripts/svn-keyword-check.pl in Subversion prior to 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

Vulnerable Product Search on Vulmon Subscribe to Product

apache subversion 1.6.3

apache subversion 1.6.2

apache subversion 1.6.10

apache subversion 1.6.9

apache subversion 1.6.20

apache subversion 1.6.19

apache subversion 1.6.6

apache subversion 1.6.5

apache subversion 1.6.13

apache subversion 1.6.12

apache subversion 1.6.18

apache subversion 1.6.15

apache subversion 1.6.4

apache subversion 1.6.11

collabnet subversion 1.6.17

apache subversion 1.6.17

apache subversion

apache subversion 1.6.14

apache subversion 1.6.1

apache subversion 1.6.0

apache subversion 1.6.7

apache subversion 1.6.8

apache subversion 1.6.16

opensuse opensuse 11.4

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2013-2112 CVE-2013-1968
Debian Bug report logs - #711033 CVE-2013-2112 CVE-2013-1968 Package: subversion; Maintainer for subversion is James McCoy <jamessan@debianorg>; Source for subversion is src:subversion (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Tue, 4 Jun 2013 07:42:01 UTC Severity: grave Tags: pa ...
Red Hat: CVE-2013-2088
contrib/hook-scripts/svn-keyword-checkpl in Subversion before 1623 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename ...

Exploits

Exploit DB: Subversion 1.6.6/1.6.12 - Code Execution
# This is an exploit for the subversion vulnerability published as CVE-2013-2088 # Author: GlacierZ0ne (kai@ktechnologiesde) # Exploit Type: Code Execution # Access Type: Authenticated Remote Exploit # Prerequisites: svn command line client available, # subversion server exposes webdav through apache, # user/pass ...
Exploit DB: Subversion 1.6.6 / 1.6.12 Code Execution
Subversion versions 166 and 1612 suffers from a code execution vulnerability ...

References

CWE-20http://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvTxsMFeHgc8bK2V-2PrSrKoBffTi8%2BxbHA5tocrrewWew%40mail.gmail.com%3Ehttp://lists.opensuse.org/opensuse-updates/2013-07/msg00015.htmlhttp://mail-archives.apache.org/mod_mbox/subversion-announce/201305.mbox/%3CCADkdwvRK51pQsybfvsAzjxQJrmVpL0fEa1K4WGkUP9Tzz6KFDw%40mail.gmail.com%3Ehttps://subversion.apache.org/security/CVE-2013-2088-advisory.txthttps://www.exploit-db.com/exploits/40507/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18772https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711033https://nvd.nist.govhttps://www.exploit-db.com/exploits/40507/https://access.redhat.com/security/cve/cve-2013-2088
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook