CVE-2008-5919

Exp

Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

Published: 2009-01-20 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2008-5919 is rated High Exploit Risk (73.1/100): CVSS Medium severity, with high exploitation likelihood (EPSS 6.31%, 93th percentile). 3 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2008-5919

EDB-ID Source Kind Published Link
6822 exploit_db edb 2008-10-23 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2008-5919

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 7.83% 6.31% -1.51%
2 2026-03-13 6.83% 7.83% +1.00%
3 2026-01-21 6.83%

Full EPSS history (11 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2008-5919

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.8 2.0 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 8.6 6.4 [email protected]

Weakness enumeration for CVE-2008-5919

OS Trackers for CVE-2008-5919

vendor priority summary link
gentoo normal CVE-2008-5919: 1 GLSA(s) (200903-20), 1 atom(s) (www-apps/websvn); latest impact normal. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2008-5919
ubuntu negligible CVE-2008-5919 negligible priority: Ubuntu including 1 source packages (websvn), 11 status rows across 11 suites (dapper, gutsy, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): not-affected 6, ignored 4, released 1. https://ubuntu.com/security/CVE-2008-5919

Affected software / configurations for CVE-2008-5919

Vendor Product Version Raw CPE
tigris websvn <= 2.0 cpe:2.3:a:tigris:websvn:*:*:*:*:*:*:*:*
tigris websvn 1.00 cpe:2.3:a:tigris:websvn:1.00:*:*:*:*:*:*:*
tigris websvn 1.01 cpe:2.3:a:tigris:websvn:1.01:*:*:*:*:*:*:*
tigris websvn 1.02 cpe:2.3:a:tigris:websvn:1.02:*:*:*:*:*:*:*
tigris websvn 1.03 cpe:2.3:a:tigris:websvn:1.03:*:*:*:*:*:*:*
tigris websvn 1.04 cpe:2.3:a:tigris:websvn:1.04:*:*:*:*:*:*:*
tigris websvn 1.10 cpe:2.3:a:tigris:websvn:1.10:*:*:*:*:*:*:*
tigris websvn 1.20 cpe:2.3:a:tigris:websvn:1.20:*:*:*:*:*:*:*
tigris websvn 1.31a cpe:2.3:a:tigris:websvn:1.31a:*:*:*:*:*:*:*
tigris websvn 1.32 cpe:2.3:a:tigris:websvn:1.32:*:*:*:*:*:*:*
tigris websvn 1.33 cpe:2.3:a:tigris:websvn:1.33:*:*:*:*:*:*:*
tigris websvn 1.34 cpe:2.3:a:tigris:websvn:1.34:*:*:*:*:*:*:*
tigris websvn 1.37 cpe:2.3:a:tigris:websvn:1.37:*:*:*:*:*:*:*
tigris websvn 1.38 cpe:2.3:a:tigris:websvn:1.38:*:*:*:*:*:*:*
tigris websvn 1.39 cpe:2.3:a:tigris:websvn:1.39:*:*:*:*:*:*:*
tigris websvn 1.40 cpe:2.3:a:tigris:websvn:1.40:*:*:*:*:*:*:*
tigris websvn 1.51 cpe:2.3:a:tigris:websvn:1.51:*:*:*:*:*:*:*
tigris websvn 1.60 cpe:2.3:a:tigris:websvn:1.60:*:*:*:*:*:*:*
tigris websvn 1.61 cpe:2.3:a:tigris:websvn:1.61:*:*:*:*:*:*:*
tigris websvn 1.62 cpe:2.3:a:tigris:websvn:1.62:*:*:*:*:*:*:*

References for CVE-2008-5919

cvelogic Threat Intelligence