PT-2006-7231 · Webwork · Webwork

Published: 2006-12-18 · Updated: 2011-03-08 · CVE-2006-6629

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

WeBWorK versions prior to 2.3.1

Description

The issue arises from an insufficiently restrictive regular expression used to determine valid macro filenames in the lib/WeBWorK/PG/Translator.pm file. This allows attackers to load arbitrary macro files whose names contain specific strings, including dangerousMacros.pl, PG.pl, or IO.pl.

Recommendations

For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.

Fix


Related Identifiers

CVE-2006-6629

Affected Products

Webwork