CVE-2012-6112

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-6112
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://openwall.com/lists/oss-security/2013/01/21/1
http://www.tinymce.com/forum/viewtopic.php?id=30036 Vendor Advisory
http://www.tinymce.com/develop/changelog/?type=phpspell
https://moodle.org/mod/forum/discuss.php?d=220157
https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tinymce:spellchecker_php:2.0:b2:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:a2:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:a1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b3:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
Information

Published : 2013-01-27 14:55

Updated : 2020-12-01 06:52

NVD link : CVE-2012-6112

Mitre link : CVE-2012-6112

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

tinymce

  • spellchecker_php

moodle

  • moodle