Search for vulnerabilities
Vulnerability details: VCID-zzux-kjjt-f3fg
Vulnerability ID VCID-zzux-kjjt-f3fg
Aliases CVE-2012-6112
GHSA-fx5h-3786-h2w6
Summary PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
generic_textual MODERATE http://openwall.com/lists/oss-security/2013/01/21/1
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
epss 0.006 https://api.first.org/data/v1/epss?cve=CVE-2012-6112
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-fx5h-3786-h2w6
generic_textual MODERATE https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
generic_textual MODERATE https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
generic_textual MODERATE https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
generic_textual MODERATE https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
generic_textual MODERATE https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=220157
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-6112
generic_textual MODERATE https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
generic_textual MODERATE https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283
http://openwall.com/lists/oss-security/2013/01/21/1
https://api.first.org/data/v1/epss?cve=CVE-2012-6112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6112
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0
https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3
https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a
https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb
https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
https://moodle.org/mod/forum/discuss.php?d=220157
https://nvd.nist.gov/vuln/detail/CVE-2012-6112
https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell
https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036
701667 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701667
GHSA-fx5h-3786-h2w6 https://github.com/advisories/GHSA-fx5h-3786-h2w6
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.68437
EPSS Score 0.006
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:28:00.988437+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fx5h-3786-h2w6/GHSA-fx5h-3786-h2w6.json 36.1.3