WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://github.com/websvnphp/websvn/pull/142
http://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html