VYPR
Unrated severityNVD Advisory· Published Jun 24, 2025· Updated Apr 7, 2026

Moodle LMS Jmol Plugin Path Traversal

CVE-2025-34031

Description

A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Moodle/Moodlellm-fuzzy
    Range: <=6.1
  • Moodle/Jmol Pluginv5
    Range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.