Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2012-6112

Опубликовано: 27 янв. 2013
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tinymce:spellchecker_php:2.0:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:a1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:a2:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b2:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b3:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:rc1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.6:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%
0.006
Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2012-6112

ubuntu
больше 12 лет назад

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

debian логотип

CVE-2012-6112

debian
больше 12 лет назад

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ...

github логотип

GHSA-fx5h-3786-h2w6

github
около 3 лет назад

PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests

EPSS

Процентиль: 68%
0.006
Низкий

5 Medium

CVSS2

Дефекты

CWE-264