Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qjdf-s39r-5bdb
Vulnerability ID VCID-qjdf-s39r-5bdb
Aliases CVE-2012-6112
GHSA-fx5h-3786-h2w6
Summary PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
generic_textual MODERATE http://openwall.com/lists/oss-security/2013/01/21/1
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fx5h-3786-h2w6
generic_textual MODERATE https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
generic_textual MODERATE https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
generic_textual MODERATE https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
generic_textual MODERATE https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
generic_textual MODERATE https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=220157
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2012-6112
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-6112
generic_textual MODERATE https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
generic_textual MODERATE https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
http://openwall.com/lists/oss-security/2013/01/21/1
https://api.first.org/data/v1/epss?cve=CVE-2012-6112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6112
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
https://moodle.org/mod/forum/discuss.php?d=220157
https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
http://www.tinymce.com/develop/changelog/?type=phpspell
http://www.tinymce.com/forum/viewtopic.php?id=30036
701667 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701667
cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:a1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0:a1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:a2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0:a2:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0:b1:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0:b2:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:b3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0:b3:*:*:*:*:*:*
cpe:2.3:a:tinymce:spellchecker_php:2.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tinymce:spellchecker_php:2.0:rc1:*:*:*:*:*:*
CVE-2012-6112 https://nvd.nist.gov/vuln/detail/CVE-2012-6112
GHSA-fx5h-3786-h2w6 https://github.com/advisories/GHSA-fx5h-3786-h2w6
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-6112
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.6938
EPSS Score 0.006
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:50:13.815248+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2012-6112.yml 38.0.0