CVE-2012-6112

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Published: Jan 27, 2013
Updated: Nov 9, 2025
CVE: CVE-2012-6112
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
tinymce / spellchecker_php	2.0-rc1	2.0-rc1.x
tinymce / spellchecker_php	2.0.1	2.0.1.x
tinymce / spellchecker_php	2.0-b2	2.0-b2.x
tinymce / spellchecker_php	2.0.2	2.0.2.x
tinymce / spellchecker_php	2.0-b3	2.0-b3.x
tinymce / spellchecker_php	2.0.3	2.0.3.x
tinymce / spellchecker_php	2.0-a1	2.0-a1.x
tinymce / spellchecker_php	2.0-b1	2.0-b1.x
tinymce / spellchecker_php	2.0-a2	2.0-a2.x
tinymce / spellchecker_php	2.0	2.0.x
tinymce / spellchecker_php	2.0.6	2.0.6.x
moodle / moodle	2.1.2	2.1.2.x
moodle / moodle	2.1.8	2.1.8.x
moodle / moodle	2.1.9	2.1.9.x
moodle / moodle	2.1.1	2.1.1.x
moodle / moodle	2.1.5	2.1.5.x
moodle / moodle	2.1.6	2.1.6.x
moodle / moodle	2.1.3	2.1.3.x
moodle / moodle	2.1.7	2.1.7.x
moodle / moodle	2.1.4	2.1.4.x
moodle / moodle	2.1.0	2.1.0.x
moodle / moodle	2.2.2	2.2.2.x
moodle / moodle	2.2.6	2.2.6.x
moodle / moodle	2.2.1	2.2.1.x
moodle / moodle	2.2.3	2.2.3.x
moodle / moodle	2.2.5	2.2.5.x
moodle / moodle	2.2.4	2.2.4.x
moodle / moodle	2.2.0	2.2.0.x
moodle / moodle	2.3.1	2.3.1.x
moodle / moodle	2.3.3	2.3.3.x
moodle / moodle	2.3.2	2.3.2.x
moodle / moodle	2.3.0	2.3.0.x
moodle / moodle	2.4.0	2.4.0.x

Vulnerability Database

314,343

CVE-2012-6112

Deep Security Visibility Without the Complexity