5

CVSS Score

Basic Information

CVE ID

CVE-2012-6112

GHSA ID

GHSA-fx5h-3786-h2w6

EPSS Score

0.68482%

CWE

Published

5/13/2022

Updated

1/25/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2012-6112

CVE-2012-6112:
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests

classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.

(GitHub Advisory)

5

CVSS Score

Basic Information

CVE ID

CVE-2012-6112

GHSA ID

GHSA-fx5h-3786-h2w6

EPSS Score

0.68482%

CWE

Published

5/13/2022

Updated

1/25/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
moodle/moodle	composer	>= 2.1.0, < 2.1.10	2.1.10
moodle/moodle	composer	>= 2.2.0, < 2.2.7	2.2.7
moodle/moodle	composer	>= 2.3.0, < 2.3.4	2.3.4
moodle/moodle	composer	= 2.4.0	2.4.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insufficient input sanitization in the GoogleSpell::_getMatches method. The fix in commit 2291018 (mirrored in Moodle's patches) adds two critical sanitization steps: 1) $lang is filtered to only allow a-z and hyphens, 2) $str has control characters removed. Before this fix, attackers could exploit these parameters to inject malicious payloads (e.g., via CR/LF characters) into the HTTP request, enabling arbitrary outbound requests. The direct correlation between the vulnerability description, CWE-264 (access control), and the code changes confirms this function's role.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*l*ss*s/*oo*l*Sp*ll.p*p in t** P*P Sp*ll****k*r (*k* *oo*l* Sp*ll****k*r) ***on ***or* *.*.*.* *or TinyM**, *s us** in Moo*l* *.*.x ***or* *.*.**, *.*.x ***or* *.*.*, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.* *n* ot**r pro*u*ts, *o*s not prop*rly **

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt input s*nitiz*tion in t** `*oo*l*Sp*ll::_**tM*t***s` m*t*o*. T** *ix in *ommit ******* (mirror** in Moo*l*'s p*t***s) ***s two *riti**l s*nitiz*tion st*ps: *) `$l*n*` is *ilt*r** to only *llow *-z *n* *yp**ns

5

Basic Information

Concerned about an active attack path?

CVE-2012-6112: PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests

5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2012-6112:
PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests

Vulnerability Intelligence
Miggo AI