QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6112

Published: Jan 27, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974

x_refsource_CONFIRM

http://www.tinymce.com/forum/viewtopic.php?id=30036

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283

x_refsource_CONFIRM

http://www.tinymce.com/develop/changelog/?type=phpspell

x_refsource_CONFIRM

[oss-security] 20130121 Moodle security notifications public

mailing-list

x_refsource_MLIST

https://moodle.org/mod/forum/discuss.php?d=220157

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.