N/A

lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl.

N/A

N/A

WeBWorK Program Generation Language 'Translator.pm'宏安全限制绕过漏洞

WeBWorK Program Generation (PG) Language的2.3.1之前版本中的lib/WeBWorK/PG/Translator.pm使用不充分限制的正则表达式来测定宏文件名的有效性，攻击者上载名字中含有(1)dangerousMacros.pl，(2)PG.pl或(3)IO.pl字符串的任意宏文件。

N/A

N/A