Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-2088Improper Input Validation in Apache Subversion

CWE-20Improper Input Validation10 documents9 sources
Severity
7.1HIGHNVD
EPSS
6.5%
top 8.88%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Apache SubversionCollabnet SubversionOpensuse
Timeline
PublishedJul 31
Latest updateMay 14

Description

contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages4 packages

Debianapache/subversion< 1.7.5-1+3
NVDapache/subversion1.6.21+21

🔴Vulnerability Details

3
GHSA
GHSA-92h8-fm5h-34jg: contrib/hook-scripts/svn-keyword-check2022-05-14
CVEList
CVE-2013-2088: contrib/hook-scripts/svn-keyword-check2013-07-31
OSV
CVE-2013-2088: contrib/hook-scripts/svn-keyword-check2013-07-31

💥Exploits & PoCs

1
Exploit-DB
Subversion 1.6.6/1.6.12 - Code Execution2016-10-12

📋Vendor Advisories

3
Red Hat
subversion: Improper sanitization of arguments of certain hook scripts might lead to arbitrary code execution2013-05-31
Debian
CVE-2013-2088: subversion - contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows rem...2013
Apache
Apache subversion: CVE-2013-2088

💬Community

2
Bugzilla
CVE-2013-2088 subversion: Improper sanitization of arguments of certain hook scripts might lead to arbitrary code execution [fedora-all]2013-06-03
Bugzilla
CVE-2013-2088 subversion: Improper sanitization of arguments of certain hook scripts might lead to arbitrary code execution2013-06-03
CVE-2013-2088 — Improper Input Validation in Apache | cvebase