Insufficient Input Validation in WeBWorK Product by WeBWorK Inc.
CVE-2006-6629

Currently unrated

Key Information:

Vendor

Webwork

Status
Program Generation Language
Vendor
CVE Published:
18 December 2006

What is CVE-2006-6629?

A vulnerability exists in the WeBWorK Program Generation (PG) Language where an overly permissive regular expression allows attackers to specify arbitrary macro filenames. This can result in the execution of potentially harmful code if filenames include specific strings like 'dangerousMacros.pl', 'PG.pl', or 'IO.pl'. Users are advised to ensure their systems are updated to versions 2.3.1 or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/21614
vdb-entryx_refsource_BID
http://devel.webwork.rochester.edu/twiki/bin/view/Webwork...
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/5026
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.