CVE-2006-6629

{"id": "CVE-2006-6629", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-18T11:28:00.000", "references": [{"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21614", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/5026", "source": "cve@mitre.org"}, {"url": "http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/PGLanguageRelease2pt3pt1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21614", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/5026", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl."}, {"lang": "es", "value": "lib/WeBWorK/PG/Translator.pm del WeBWorK Program Generation (PG) Language anterior al 2.3.1 utiliza expresiones regulares insuficientemente restrictivas para determinar macros de nombres de fichero v\u00e1lidos, lo cual permite a atacantes cargar macros de ficheros de su elecci\u00f3n que contengan nombres en las cadenas (1) dangerousMacros.pl, (2) PG.pl o(3) IO.pl."}], "lastModified": "2024-11-21T00:23:14.557", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:webwork:program_generation_language:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1228AED-12F8-4EB2-8768-9E5D56249FA9", "versionEndIncluding": "2.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nWeBWorK, Program Generation Language, 2.3.1"}