WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter. https://github.com/websvnphp/websvn/pull/142
Created websvn tracking bugs for this issue: Affects: epel-all [bug 1969361] Affects: fedora-all [bug 1969360]
I'd say only 2.6.0 and 2.6.1 are affected as the vulnerable code was added with https://github.com/websvnphp/websvn/commit/208652884c71bed62e97c445cf25f7ce8899dc41.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
(In reply to Xavier Bachelot from comment #2) > I'd say only 2.6.0 and 2.6.1 are affected as the vulnerable code was added > with > https://github.com/websvnphp/websvn/commit/ > 208652884c71bed62e97c445cf25f7ce8899dc41. Correction on the above comment: websvn 2.6.1 is _not_ affected, only websvn 2.6.0 is.