Lucene search
RedhatCVELIST:CVE-2012-6112HistoryJan 27, 2013 - 10:00 p.m.
CVE-2012-6112
2013-01-2722:00:00
redhat
www.cve.org
3
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
openwall.com/lists/oss-security/2013/01/21/1
www.tinymce.com/develop/changelog/?type=phpspell
www.tinymce.com/forum/viewtopic.php?id=30036
github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
moodle.org/mod/forum/discuss.php?d=220157
Related
fedora
fedora
[SECURITY] Fedora 17 Update: tinymce-spellchecker-2.0.5-8.fc17
2013-02-03 13:43:35
[SECURITY] Fedora 18 Update: tinymce-spellchecker-2.0.5-8.fc18
2013-02-03 13:27:39
osv
osv
cve
cve
CVE-2012-6112
2013-01-27 22:55:04
openvas
openvas
Fedora Update for tinymce-spellchecker FEDORA-2013-1341
2013-02-04 00:00:00
Fedora Update for tinymce-spellchecker FEDORA-2013-1341
2013-02-04 00:00:00
Fedora Update for tinymce-spellchecker FEDORA-2013-1371
2013-02-04 00:00:00
prion
prion
Design/Logic Flaw
2013-01-27 22:55:00
nessus
nessus
Fedora 18 : tinymce-spellchecker-2.0.5-8.fc18 (2013-1371)
2013-02-04 00:00:00
Fedora 17 : tinymce-spellchecker-2.0.5-8.fc17 (2013-1341)
2013-02-04 00:00:00
debiancve
debiancve
CVE-2012-6112
2013-01-27 22:55:04
ubuntucve
ubuntucve
CVE-2012-6112
2013-01-27 00:00:00
nvd
nvd
CVE-2012-6112
2013-01-27 22:55:04
github
github
veracode
veracode
Arbitrary Outbound HTTP Requests
2017-06-07 06:38:17