CVE-2012-6112 — Moodle vulnerability

CWE-2648 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Moodle Debian Wordpress +1 more

Timeline

PublishedJan 27

Latest updateMay 13

Description

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDtinymce/spellchecker_php5 versions+4

▶Packagistmoodle/moodle2.1.0 — 2.1.10+3

▶NVDmoodle/moodle22 versions+21

▶debiandebian/wordpress< wordpress 3.5.1+dfsg-2 (bookworm)

▶Debianwordpress/wordpress< 3.5.1+dfsg-2+3

🔴Vulnerability Details

GHSA

PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests↗2022-05-13

▶

OSV

PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests↗2022-05-13

▶

OSV

CVE-2012-6112: classes/GoogleSpell↗2013-01-27

▶

📋Vendor Advisories

Debian

CVE-2012-6112: wordpress - classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon ...↗2012

▶

💬Community

Bugzilla

CVE-2012-6112 tinymce-spellchecker (Google Spellchecker): Control characters not sanitized properly from $lang and $str arguments in _getMatches [epel-6]↗2013-01-22

▶

Bugzilla

CVE-2012-6112 tinymce-spellchecker (Google Spellchecker): Control characters not sanitized properly from $lang and $str arguments in _getMatches [fedora-all]↗2013-01-22

▶

Bugzilla

CVE-2012-6112 tinymce-spellchecker (Google Spellchecker): Control characters not sanitized properly from $lang and $str arguments in _getMatches↗2013-01-22

▶