CVE-2006-6629 - Unspecified vulnerability in Webwork Program Generation Language

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.

This vulnerability is addressed in the following product release: WeBWorK Program Generation Language 2.3.1.

Vulnerable Configurations

Part: Application
Description: Webwork
Count: 1