classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-01-27T22:00:00Z

Updated: 2024-08-06T21:28:38.908Z

Reserved: 2012-12-06T00:00:00Z

Link: CVE-2012-6112

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-01-27T22:55:04.320

Modified: 2024-11-21T01:45:50.903

Link: CVE-2012-6112

cve-icon Redhat

No data.