CVE-2006-6629 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2006-6629

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.

Affected Software

Name	Vendor	Start Version	End Version
Program_generation_language	Webwork	*	2.3 (including)

References

http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1
http://www.securityfocus.com/bid/21614
http://www.vupen.com/english/advisories/2006/5026
http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1
http://www.securityfocus.com/bid/21614
http://www.vupen.com/english/advisories/2006/5026