CVE-2012-6112

Name of the Vulnerable Software and Affected Versions PHP Spellchecker addon versions prior to 2.0.6.1 for TinyMCE Moodle versions 2.1.x prior to 2.1.10 Moodle versions 2.2.x prior to 2.2.7 Moodle versions 2.3.x prior to 2.3.4 Moodle versions 2.4.x prior to 2.4.1

Description The issue arises from improper handling of control characters in the PHP Spellchecker addon, allowing remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Recommendations For PHP Spellchecker addon version prior to 2.0.6.1, update to version 2.0.6.1 or later. For Moodle version 2.1.x, update to version 2.1.10 or later. For Moodle version 2.2.x, update to version 2.2.7 or later. For Moodle version 2.3.x, update to version 2.3.4 or later. For Moodle version 2.4.x, update to version 2.4.1 or later.