PT-2013-1898 · Tinymce+1 · Php Spellchecker Addon+1
Petr Škoda
·
Published
2013-01-27
·
Updated
2022-05-13
·
CVE-2012-6112
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
PHP Spellchecker addon versions prior to 2.0.6.1 for TinyMCE
Moodle versions 2.1.x prior to 2.1.10
Moodle versions 2.2.x prior to 2.2.7
Moodle versions 2.3.x prior to 2.3.4
Moodle versions 2.4.x prior to 2.4.1
Description
The issue arises from improper handling of control characters in the PHP Spellchecker addon, allowing remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Recommendations
For PHP Spellchecker addon version prior to 2.0.6.1, update to version 2.0.6.1 or later.
For Moodle version 2.1.x, update to version 2.1.10 or later.
For Moodle version 2.2.x, update to version 2.2.7 or later.
For Moodle version 2.3.x, update to version 2.3.4 or later.
For Moodle version 2.4.x, update to version 2.4.1 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle
Php Spellchecker Addon