PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests

🗓️ 13 May 2022 01:12:57Reported by GitHub Advisory DatabaseType

Reporter	Title	Published	Views	Family All 20
CVE	CVE-2012-6112	27 Jan 201322:00	–	cve
Cvelist	CVE-2012-6112	27 Jan 201322:00	–	cvelist
Debian CVE	CVE-2012-6112	27 Jan 201322:00	–	debiancve
EUVD	EUVD-2022-3849	3 Oct 202520:07	–	euvd
Fedora	[SECURITY] Fedora 17 Update: tinymce-spellchecker-2.0.5-8.fc17	3 Feb 201313:43	–	fedora
Fedora	[SECURITY] Fedora 18 Update: tinymce-spellchecker-2.0.5-8.fc18	3 Feb 201313:27	–	fedora
Tenable Nessus	Fedora 17 : tinymce-spellchecker-2.0.5-8.fc17 (2013-1341)	4 Feb 201300:00	–	nessus
Tenable Nessus	Fedora 18 : tinymce-spellchecker-2.0.5-8.fc18 (2013-1371)	4 Feb 201300:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2012-6112	24 Aug 202500:00	–	nessus
NVD	CVE-2012-6112	27 Jan 201322:55	–	nvd

Vulners

Node

moodle moodleMatch2.4.0composer

moodle moodleRange2.3.0–2.3.4composer

moodle moodleRange2.2.0–2.2.7composer

moodle moodleRange2.1.0–2.1.10composer

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-6112
github	www.github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
moodle	www.moodle.org/mod/forum/discuss.php
git	www.git.moodle.org/gw
openwall	www.openwall.com/lists/oss-security/2013/01/21/1
github	www.github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
github	www.github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
github	www.github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
github	www.github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
web	www.web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/

25 Jan 2024 20:27Current

7.3High risk

Vulners AI Score7.3

CVSS 25

EPSS0.006