Jmol Plugin up to 6.1 on Moodle Query Parameter jsmol.php file_get_contents path traversal
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.1 | $0-$5k | 0.00 |
Summary
A vulnerability identified as critical has been detected in Jmol Plugin up to 6.1 on Moodle. The affected element is the function file_get_contents of the file jsmol.php of the component Query Parameter Handler. This manipulation causes path traversal.
This vulnerability appears as CVE-2025-34031. The attack may be initiated remotely. In addition, an exploit is available.
Details
A vulnerability was found in Jmol Plugin up to 6.1 on Moodle. It has been declared as critical. Affected by this vulnerability is the function file_get_contents of the file jsmol.php of the component Query Parameter Handler. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality. The summary by CVE is:
A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to the file_get_contents() function without proper validation, allowing attackers to read arbitrary files from the server's filesystem by crafting a malicious query value. This vulnerability can be exploited without authentication and may expose sensitive configuration data, including database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
The weakness was presented by Dionach By Nomios. The advisory is shared at dionach.com. This vulnerability is known as CVE-2025-34031 since 04/15/2025. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known. MITRE ATT&CK project uses the attack technique T1006 for this issue.
It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept. By approaching the search of inurl:jsmol.php it is possible to find vulnerable targets with Google Hacking.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at Exploit-DB (46881) and EUVD (EUVD-2025-18971). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Vector: 🔍
CVSSv3
VulDB Meta Base Score: 6.4VulDB Meta Temp Score: 6.1
VulDB Base Score: 5.3
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
04/15/2025 🔍06/24/2025 🔍
06/24/2025 🔍
11/21/2025 🔍
Sources
Advisory: dionach.comResearcher: Dionach By Nomios
Status: Not defined
CVE: CVE-2025-34031 (🔍)
GCVE (CVE): GCVE-0-2025-34031
GCVE (VulDB): GCVE-100-313693
EUVD: 🔍
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 06/24/2025 07:55Updated: 11/21/2025 02:00
Changes: 06/24/2025 07:55 (71), 06/24/2025 07:57 (1), 06/24/2025 13:44 (1), 06/25/2025 15:25 (1), 07/10/2025 08:46 (11), 11/20/2025 00:41 (1), 11/21/2025 02:00 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.