CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Published: Jan 27, 2013
Updated: Apr 13, 2023
CVE: CVE-2012-6112
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
tinymce / spellchecker_php	2.0-rc1	2.0-rc1.x
tinymce / spellchecker_php	2.0.1	2.0.1.x
tinymce / spellchecker_php	2.0-b2	2.0-b2.x
tinymce / spellchecker_php	2.0.2	2.0.2.x
tinymce / spellchecker_php	2.0-b3	2.0-b3.x
tinymce / spellchecker_php	2.0.3	2.0.3.x
tinymce / spellchecker_php	2.0-a1	2.0-a1.x
tinymce / spellchecker_php	2.0-b1	2.0-b1.x
tinymce / spellchecker_php	2.0-a2	2.0-a2.x
tinymce / spellchecker_php	2.0	2.0.x
tinymce / spellchecker_php	2.0.6	2.0.6.x
moodle / moodle	2.1.2	2.1.2.x
moodle / moodle	2.1.8	2.1.8.x
moodle / moodle	2.1.9	2.1.9.x
moodle / moodle	2.1.1	2.1.1.x
moodle / moodle	2.1.5	2.1.5.x
moodle / moodle	2.1.6	2.1.6.x
moodle / moodle	2.1.3	2.1.3.x
moodle / moodle	2.1.7	2.1.7.x
moodle / moodle	2.1.4	2.1.4.x
moodle / moodle	2.1.0	2.1.0.x
moodle / moodle	2.2.2	2.2.2.x
moodle / moodle	2.2.6	2.2.6.x
moodle / moodle	2.2.1	2.2.1.x
moodle / moodle	2.2.3	2.2.3.x
moodle / moodle	2.2.5	2.2.5.x
moodle / moodle	2.2.4	2.2.4.x
moodle / moodle	2.2.0	2.2.0.x
moodle / moodle	2.3.1	2.3.1.x
moodle / moodle	2.3.3	2.3.3.x
moodle / moodle	2.3.2	2.3.2.x
moodle / moodle	2.3.0	2.3.0.x
moodle / moodle	2.4.0	2.4.0.x

Vulnerability Database

290,301

CVE-2012-6112