Description

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Remediation

References

CVE-2012-6112

Related Vulnerabilities

ownCloud Improper Input Validation Vulnerability (CVE-2013-2044)

WordPress Plugin Gravity Forms Information Disclosure (2.4.8)

WordPress Plugin Business Hours Indicator Cross-Site Scripting (2.3.4)

WordPress Plugin Yoast SEO Cross-Site Scripting (2.0.1)

PostgreSQL Other Vulnerability (CVE-2005-1409)

Severity

Medium

Classification

CVE-2012-6112 CWE-264

Tags

Missing Update Known Vulnerabilities