Vulnerability Details CVE-2025-34031
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials.
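A log check for the request pattern described above, added here as an example (it is not code from the plugin or from this advisory). It flags requests to jsmol.php whose query parameter, after repeated percent-decoding, contains a parent-directory segment or an absolute path; the log format, the /PLUGIN-PATH/ directory and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (not real traffic). The directory
# "/PLUGIN-PATH/" and the file names are placeholders.
SAMPLE_LOG = [
    '198.51.100.4 - - [01/Jul/2025:10:00:01 +0000] "GET /PLUGIN-PATH/jsmol.php?query=1crn HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jul/2025:10:02:13 +0000] "GET /PLUGIN-PATH/jsmol.php?query=../../placeholder.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jul/2025:10:02:15 +0000] "GET /PLUGIN-PATH/jsmol.php?query=%252e%252e%252fplaceholder.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jul/2025:10:02:19 +0000] "GET /PLUGIN-PATH/jsmol.php?query=/placeholder/abs.txt HTTP/1.1" 200 64',
    '198.51.100.4 - - [01/Jul/2025:10:05:00 +0000] "GET /index.php?query=../x HTTP/1.1" 404 0',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value climbs directories or is an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    return v.startswith("/") or ".." in v.split("/")

def suspicious_requests(lines):
    """Return (client, status, decoded query) for flagged jsmol.php requests."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/jsmol.php"):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "query" and is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the URL, so a query value sent in a POST body would not appear in this check. A flagged request that returned status 200 is the one to prioritise when reviewing which files may have been read.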
Exploit prediction scoring system (EPSS) score
EPSS Score 0.052
EPSS Ranking 89.5%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-34031
- cpe:2.3:a:geoffrowland:jmol:*