lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-12-18T11:00:00
Updated: 2009-02-26T10:00:00
Reserved: 2006-12-17T00:00:00
Link: CVE-2006-6629
NVD Information
Status: Modified
Published: 2006-12-18T11:28:00.000
Modified: 2011-03-08T02:46:34.970
Link: CVE-2006-6629