Home > Vulnerability Database > CVE-2012-6112

Mend.io Vulnerability Database

CVE-2012-6112

Date: January 27, 2013

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Language: PHP

Severity Score

5.3

Related Resources (9)

Url: http://www.tinymce.com/forum/viewtopic.php?id=30036

Url: http://www.tinymce.com/develop/changelog/?type=phpspell

Url: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-6112

Url: https://security-tracker.debian.org/tracker/CVE-2012-6112

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283

Url: http://openwall.com/lists/oss-security/2013/01/21/1

Url: https://moodle.org/mod/forum/discuss.php?d=220157

Url: https://www.mend.io/vulnerability-database/CVE-2012-6112

Severity Score

5.3

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-6112

Date: January 27, 2013

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?