CVE-2012-6112
medium
CVSS v3
—
CVSS v2
5.0
VIR risk
5.0
Description
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-6112
Vendor advisory: secalert@redhat.com — http://www.tinymce.com/forum/viewtopic.php?id=30036
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 3.5.1+dfsg-2 |
| debian | bullseye | fixed | 3.5.1+dfsg-2 |
| debian | forky | fixed | 3.5.1+dfsg-2 |
| debian | sid | fixed | 3.5.1+dfsg-2 |
| debian | trixie | fixed | 3.5.1+dfsg-2 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Packagist | moodle/moodle | >=2.1.0,<2.1.10 | 2.1.10 |
| Packagist | moodle/moodle | >=2.2.0,<2.2.7 | 2.2.7 |
| Packagist | moodle/moodle | >=2.3.0,<2.3.4 | 2.3.4 |
| Packagist | moodle/moodle | >=2.4.0,<2.4.1 | 2.4.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| tinymce | spellchecker_php | 2.0 | |
| tinymce | spellchecker_php | 2.0.1 | |
| tinymce | spellchecker_php | 2.0.2 | |
| tinymce | spellchecker_php | 2.0.3 | |
| tinymce | spellchecker_php | 2.0.6 | |
| moodle | moodle | 2.1.0 | |
| moodle | moodle | 2.1.1 | |
| moodle | moodle | 2.1.2 | |
| moodle | moodle | 2.1.3 | |
| moodle | moodle | 2.1.4 | |
| moodle | moodle | 2.1.5 | |
| moodle | moodle | 2.1.6 | |
| moodle | moodle | 2.1.7 | |
| moodle | moodle | 2.1.8 | |
| moodle | moodle | 2.1.9 | |
| moodle | moodle | 2.2.0 | |
| moodle | moodle | 2.2.1 | |
| moodle | moodle | 2.2.2 | |
| moodle | moodle | 2.2.3 | |
| moodle | moodle | 2.2.4 | |
| moodle | moodle | 2.2.5 | |
| moodle | moodle | 2.2.6 | |
| moodle | moodle | 2.3.0 | |
| moodle | moodle | 2.3.1 | |
| moodle | moodle | 2.3.2 | |
| moodle | moodle | 2.3.3 | |
| moodle | moodle | 2.4.0 | |
References
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
- http://openwall.com/lists/oss-security/2013/01/21/1
- http://www.tinymce.com/develop/changelog/?type=phpspell
- http://www.tinymce.com/forum/viewtopic.php?id=30036
- https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
- https://moodle.org/mod/forum/discuss.php?d=220157
- https://nvd.nist.gov/vuln/detail/CVE-2012-6112
- https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
- https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
- https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
- https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
- https://github.com/moodle/moodle
- https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
- https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
- https://security-tracker.debian.org/tracker/CVE-2012-6112
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.