WeBWorK Program Generation Language Macro Security Restriction Bypass Vulnerability

WeBWorK Program Generation Language is prone to a security-restriction bypass vulnerability because the application fails to properly enforce the restrictions that are in place to deter attackers from running arbitrary script code on affected computers.

Successfully exploiting this issue allows attackers to execute arbitrary script code in the context of the webserver hosting the vulnerable application. This may aid them in further attacks.

Since attackers must be able to modify the WeBWorK course files, only users with administrative privileges in the application's web interface can typically exploit this issue.

Versions of WeBWorK prior to 2.3.1 are vulnerable to this issue.


 

Copyright 2010, SecurityFocus