WebSVN prior to 2.6.1 allows remote malicious users to execute arbitrary commands via shell metacharacters in the search parameter.
websvn websvn