VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-1ren-s7gn-n7ej

Essentials
Severities (30)
References (16)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-1ren-s7gn-n7ej
Aliases	CVE-2012-6112 GHSA-fx5h-3786-h2w6
Summary	PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264	Permissions, Privileges, and Access Controls
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2013/01/21/1
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss	0.006	https://api.first.org/data/v1/epss?cve=CVE-2012-6112
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-fx5h-3786-h2w6
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
generic_textual	MODERATE	https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=220157
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2012-6112
generic_textual	MODERATE	https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
generic_textual	MODERATE	https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
		http://openwall.com/lists/oss-security/2013/01/21/1
		https://api.first.org/data/v1/epss?cve=CVE-2012-6112
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6112
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
		https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
		https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
		https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
		https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
		https://moodle.org/mod/forum/discuss.php?d=220157
		https://nvd.nist.gov/vuln/detail/CVE-2012-6112
		https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
		https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
701667		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701667
GHSA-fx5h-3786-h2w6		https://github.com/advisories/GHSA-fx5h-3786-h2w6

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.68485
EPSS Score	0.006
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:10:23.642863+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fx5h-3786-h2w6/GHSA-fx5h-3786-h2w6.json	37.0.0