Vulnerabilities > CVE-2006-6629 - Unspecified vulnerability in Webwork Program Generation Language
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl. This vulnerability is addressed in the following product release: WeBWorK, Program Generation Language, 2.3.1
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |