ID |
CVE-2006-6629
|
Summary |
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl. This vulnerability is addressed in the following product release:
WeBWorK, Program Generation Language, 2.3.1 |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 08-03-2011 - 02:46) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
|
Last major update |
08-03-2011 - 02:46 |
Published |
18-12-2006 - 11:28 |
Last modified |
08-03-2011 - 02:46 |