CVE-2012-6112

Name: CVE-2012-6112
Description: classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues)
NVD severity: medium
Debian Bugs: 701667, 702387

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   | Release                        | Version                  | Status
tinymce (PTS)    | stretch                        | 3.4.8+dfsg0-1            | fixed
                 | buster                         | 3.4.8+dfsg0-2            | fixed
                 | bullseye, sid                  | 3.4.8+dfsg0-3            | fixed
wordpress (PTS)  | stretch (security), stretch    | 4.7.5+dfsg-2+deb9u6      | fixed
                 | buster, buster (security)      | 5.0.10+dfsg1-0+deb10u1   | fixed
                 | bullseye, sid                  | 5.4.2+dfsg1-1            | fixed

The information below is based on the following data on fixed versions.

Package    | Type    | Release    | Fixed Version            | Urgency | Origin | Debian Bugs
moodle     | source  | squeeze    | (not affected)           |         |        |
moodle     | source  | wheezy     | 2.2.3.dfsg-2.6~wheezy2   |         |        |
moodle     | source  | (unstable) | 2.5-1                    |         |        | 702387
tinymce    | source  | (unstable) | (not affected)           |         |        |
wordpress  | source  | squeeze    | 3.5.2+dfsg-1~deb6u1      |         |        | 701667
wordpress  | source  | wheezy     | 3.5.2+dfsg-1~deb7u1      |         |        | 701667
wordpress  | source  | (unstable) | 3.5.1+dfsg-2             |         |        |

Notes

- tinymce <not-affected> (TinyMCE Google spellchecker plugin)
[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
http://www.tinymce.com/develop/changelog/?type=phpspell
patch: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
http://www.tinymce.com/forum/viewtopic.php?id=30036