Description

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Remediation

References

CVE-2012-6112

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2019-11035)

PostgreSQL Other Vulnerability (CVE-2012-1618)

WordPress Plugin mTouch Quiz Multiple Vulnerabilities (3.1.2)

WebLogic CVE-2022-21616 Vulnerability (CVE-2022-21616)

MySQL CVE-2014-2435 Vulnerability (CVE-2014-2435)

Severity

Medium

Classification

CVE-2012-6112 CWE-264

Tags

Missing Update Known Vulnerabilities