5
CVE-2012-6112
- EPSS 0.6%
- Published 27.01.2013 22:55:04
- Last modified 11.04.2025 00:51:21
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Data is provided by the National Vulnerability Database (NVD)
Tinymce ≫ Spellchecker Php Version2.0
Tinymce ≫ Spellchecker Php Version2.0 Updatea1
Tinymce ≫ Spellchecker Php Version2.0 Updatea2
Tinymce ≫ Spellchecker Php Version2.0 Updateb1
Tinymce ≫ Spellchecker Php Version2.0 Updateb2
Tinymce ≫ Spellchecker Php Version2.0 Updateb3
Tinymce ≫ Spellchecker Php Version2.0 Updaterc1
Tinymce ≫ Spellchecker Php Version2.0.1
Tinymce ≫ Spellchecker Php Version2.0.2
Tinymce ≫ Spellchecker Php Version2.0.3
Tinymce ≫ Spellchecker Php Version2.0.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.669 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|