Vulnerability Description
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webwork | Program Generation Language | <= 2.3 |
References
- http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pPatch
- http://www.securityfocus.com/bid/21614Patch
- http://www.vupen.com/english/advisories/2006/5026
- http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pPatch
- http://www.securityfocus.com/bid/21614Patch
- http://www.vupen.com/english/advisories/2006/5026
FAQ
What is CVE-2006-6629?
CVE-2006-6629 is a vulnerability with a CVSS score of 7.5 (HIGH). lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers t...
How severe is CVE-2006-6629?
CVE-2006-6629 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6629?
Check the references section above for vendor advisories and patch information. Affected products include: Webwork Program Generation Language.