classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Spellchecker_php | Tinymce | 2.0 (including) | 2.0 (including) |
| Spellchecker_php | Tinymce | 2.0-a1 (including) | 2.0-a1 (including) |
| Spellchecker_php | Tinymce | 2.0-a2 (including) | 2.0-a2 (including) |
| Spellchecker_php | Tinymce | 2.0-b1 (including) | 2.0-b1 (including) |
| Spellchecker_php | Tinymce | 2.0-b2 (including) | 2.0-b2 (including) |
| Spellchecker_php | Tinymce | 2.0-b3 (including) | 2.0-b3 (including) |
| Spellchecker_php | Tinymce | 2.0-rc1 (including) | 2.0-rc1 (including) |
| Spellchecker_php | Tinymce | 2.0.1 (including) | 2.0.1 (including) |
| Spellchecker_php | Tinymce | 2.0.2 (including) | 2.0.2 (including) |
| Spellchecker_php | Tinymce | 2.0.3 (including) | 2.0.3 (including) |
| Spellchecker_php | Tinymce | 2.0.6 (including) | 2.0.6 (including) |
| Tinymce | Ubuntu | artful | * |
| Tinymce | Ubuntu | bionic | * |
| Tinymce | Ubuntu | cosmic | * |
| Tinymce | Ubuntu | disco | * |
| Tinymce | Ubuntu | eoan | * |
| Tinymce | Ubuntu | focal | * |
| Tinymce | Ubuntu | groovy | * |
| Tinymce | Ubuntu | hardy | * |
| Tinymce | Ubuntu | lucid | * |
| Tinymce | Ubuntu | oneiric | * |
| Tinymce | Ubuntu | precise | * |
| Tinymce | Ubuntu | quantal | * |
| Tinymce | Ubuntu | raring | * |
| Tinymce | Ubuntu | saucy | * |
| Tinymce | Ubuntu | trusty | * |
| Tinymce | Ubuntu | utopic | * |
| Tinymce | Ubuntu | vivid | * |
| Tinymce | Ubuntu | wily | * |
| Tinymce | Ubuntu | xenial | * |
| Tinymce | Ubuntu | yakkety | * |
| Tinymce | Ubuntu | zesty | * |
| Tinymce2 | Ubuntu | lucid | * |
| Tinymce2 | Ubuntu | oneiric | * |
| Tinymce2 | Ubuntu | precise | * |
| Tinymce2 | Ubuntu | quantal | * |
| Tinymce2 | Ubuntu | raring | * |
| Tinymce2 | Ubuntu | saucy | * |
References
- http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-37283
- http://openwall.com/lists/oss-security/2013/01/21/1
- http://www.tinymce.com/develop/changelog/?type=phpspell
- http://www.tinymce.com/forum/viewtopic.php?id=30036
- https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
- https://moodle.org/mod/forum/discuss.php?d=220157
- http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-37283
- http://openwall.com/lists/oss-security/2013/01/21/1
- http://www.tinymce.com/develop/changelog/?type=phpspell
- http://www.tinymce.com/forum/viewtopic.php?id=30036
- https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
- https://moodle.org/mod/forum/discuss.php?d=220157