CNNVD-202506-3018 Information

CNNVD ID

CNNVD-202506-3018

Related CVE

CVE-2025-34031

• CNNVD Published: 2025-06-24

Description (Chinese)

Moodle LMS Jmol plugin是Moodle开源的一款插件。 Moodle LMS Jmol plugin 6.1及之前版本存在路径遍历漏洞，该漏洞源于jsmol.php中query参数未经验证直接传递到file_get_contents函数，可能导致任意文件读取。

Description (English)

Moodle LMS Jmol plugin is an open-source plugin for Modle. Moodle LMS Jmol plugin 6.1 and previous versions have path-to-path loopholes, which stem from the unverified transfer of the query parameter from jsmol.php to the file get contents function, which may lead to any file being read.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Moodle

Published

2025-06-24

Last Modified

2026-02-24

References

https://vulncheck.com/advisories/moodle-lms-jmol-plugin-path-traversal https://www.exploit-db.com/exploits/46881 https://www.dionach.com/moodle-jmol-plugin-multiple-vulnerabilities/ https://access.redhat.com/security/cve/cve-2025-34031