CVE-2006-6629
First published: Mon Dec 18 2006(Updated: )
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webwork | <=2.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-6629?
CVE-2006-6629 has a medium severity rating due to the potential for arbitrary file inclusion.
How do I fix CVE-2006-6629?
To fix CVE-2006-6629, upgrade WeBWorK Program Generation Language to version 2.3.1 or later.
What vulnerability does CVE-2006-6629 expose?
CVE-2006-6629 exposes the risk of attackers loading arbitrary macro files via insufficiently restricted regular expressions.
Which versions of WeBWorK are affected by CVE-2006-6629?
WeBWorK versions prior to 2.3.1 are affected by CVE-2006-6629.
What components are impacted by CVE-2006-6629?
The impact of CVE-2006-6629 is primarily on the lib/WeBWorK/PG/Translator.pm component.
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/event
- vendor/webwork
- canonical/webwork
- version/webwork/2.3