CVE-2006-6629

2006-12-18T11:28:00
ID CVE-2006-6629
Type cve
Reporter cve@mitre.org
Modified 2011-03-08T02:46:00

Description

lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl. This vulnerability is addressed in the following product release: WeBWorK, Program Generation Language, 2.3.1