The create_anchors function in utils.inc in WebSVN 1.x allows remote attackers to execute arbitrary PHP code via a crafted username that is processed by the preg_replace function with the eval switch.
https://www.exploit-db.com/exploits/6822
https://exchange.xforce.ibmcloud.com/vulnerabilities/48168
http://www.gulftech.org/?node=research&article_id=00132-10202008