Description

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Remediation

References

CVE-2012-6112

Related Vulnerabilities

PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2007-4652)

WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)

WordPress Plugin Simple Ads Manager Multiple Vulnerabilities (2.6.96)

MySQL CVE-2013-5894 Vulnerability (CVE-2013-5894)

MySQL CVE-2015-4815 Vulnerability (CVE-2015-4815)

Severity

Medium

Classification

CVE-2012-6112 CWE-264

Tags

Missing Update Known Vulnerabilities