lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language prior to 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows malicious users to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webwork program generation language |