Description
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Remediation
References
Related Vulnerabilities
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2853)
Dot CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-37033)
WordPress Plugin iThemes Security (formerly Better WP Security) Unspecified Vulnerability (6.9.0)
MySQL CVE-2013-0371 Vulnerability (CVE-2013-0371)
Oracle Database Server CVE-2008-0344 Vulnerability (CVE-2008-0344)