Directory traversal vulnerability in rss.php in WebSVN 2.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to overwrite arbitrary files via directory traversal sequences in the rev parameter.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5919)