{"id":2944,"date":"2019-05-20T09:35:41","date_gmt":"2019-05-20T08:35:41","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2019\/05\/20\/moodle-jmol-plugin-multiple-vulnerabilities\/"},"modified":"2024-01-30T16:30:20","modified_gmt":"2024-01-30T16:30:20","slug":"moodle-jmol-plugin-multiple-vulnerabilities","status":"publish","type":"post","link":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/","title":{"rendered":"Moodle Jmol Plugin Multiple Vulnerabilities"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2944\" class=\"elementor elementor-2944\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2e11d48f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2e11d48f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3b9e6f26\" data-id=\"3b9e6f26\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2a887ed0 elementor-widget elementor-widget-text-editor\" data-id=\"2a887ed0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div style=\"float: right\"><img decoding=\"async\" alt=\"Jmol\/JSmol\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/moodle_filter_jmol.png\" style=\"width: 128px; height: 128px;\" \/><\/div>\r\n\r\n<p>In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.<\/p>\r\n\r\n<p>The <a href=\"https:\/\/moodle.org\/plugins\/filter_jmol\">Jmol\/JSmol plugin<\/a> for the <a href=\"https:\/\/moodle.org\/\">Moodle<\/a> Learning Management System displays chemical structures in Moodle using Java and JavaScript. The plugin implements a PHP server-side proxy in order to load third party resources bypassing client-side security restrictions. This PHP proxy script calls the function <a href=\"https:\/\/www.php.net\/manual\/en\/function.file-get-contents.php\">file_get_contents()<\/a> on unvalidated user input.<\/p>\r\n\r\n<p>This makes Moodle instances with this plugin installed vulnerable to directory traversal and server-side request forgery in the default PHP setup, and if PHP&#8217;s &#8220;<a href=\"https:\/\/www.php.net\/manual\/en\/wrappers.expect.php\">expect<\/a>&#8221; wrapper is enabled, also to remote code execution. Other parameters in the plugin are also vulnerable to reflected cross-site scripting. Note that authentication is not required to exploit these vulnerabilities.<\/p>\r\n\r\n<p>The JSmol Moodle plugin was forked from the JSmol project, where the directory traversal and server-side request forgery vulnerability was partially fixed in 2015.<\/p>\r\n\r\n<p>This issue is tracked at <a href=\"https:\/\/tracker.moodle.org\/browse\/CONTRIB-7516\">https:\/\/tracker.moodle.org\/browse\/CONTRIB-7516<\/a>.<\/p>\r\n\r\n<h2>Proof of Concept<\/h2>\r\n\r\n<h3>Directory Traversal<\/h3>\r\n\r\n<p>Accessing the following link reads a file from the Moodle server&#8217;s file system, in this case the Moodle configuration file with database credentials.<\/p>\r\n\r\n<p><a href=\"https:\/\/moodle\/filter\/jmol\/js\/jsmol\/php\/jsmol.php?call=getRawDataFromDatabase&amp;query=file:\/\/\/opt\/bitnami\/apps\/moodle\/htdocs\/config.php\">https:\/\/moodle\/filter\/jmol\/js\/jsmol\/php\/jsmol.php?call=getRawDataFromDatabase&amp;query=file:\/\/\/opt\/bitnami\/apps\/moodle\/htdocs\/config.php<\/a><br \/>\r\n<img decoding=\"async\" alt=\"Moodle database configuration file\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/moodle_filter_jmol_passwd.png\" style=\"width: 400px; height: 295px; border-width: 1px; border-style: solid;\" \/><\/p>\r\n\r\n<p>Any file the web server process has access to is readable by an attacker. The accessed files are not included in PHP code, so an attacker will not be able to execute their own code on the server through this vulnerability alone. Access to the server&#8217;s file system may however enable an attacker to gain access elsewhere.<\/p>\r\n\r\n<h4>Reflected Cross-Site Scripting<\/h4>\r\n\r\n<p>Accessing the following link runs JavaScript code in the context of the victim&#8217;s browser.<\/p>\r\n\r\n<p><a href=\"https:\/\/moodle\/filter\/jmol\/js\/jsmol\/php\/jsmol.php?call=saveFile&amp;data=&lt;script&gt;alert('XSS')&lt;\/script&gt;&amp;mimetype=text\/html\">https:\/\/moodle\/filter\/jmol\/js\/jsmol\/php\/jsmol.php?call=saveFile&amp;data=%3Cscript%3Ealert(%27XSS%27)%3C\/script%3E&amp;mimetype=text\/html<\/a><br \/>\r\n<img decoding=\"async\" alt=\"XSS\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/moodle_filter_jmol_xss.png\" style=\"width: 501px; height: 234px;\" \/><\/p>\r\n\r\n<h3>Malware Distribution<\/h3>\r\n\r\n<p>The following link contains a Base64-encoded file, which the server decodes and provides to the victim when the link is accessed.<\/p>\r\n\r\n<p><a href=\"https:\/\/moodle\/filter\/jmol\/js\/jsmol\/php\/jsmol.php?call=saveFile&amp;encoding=base64&amp;data=UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA%3D%3D&amp;filename=empty.zip\">https:\/\/moodle\/filter\/jmol\/js\/jsmol\/php\/jsmol.php?call=saveFile&amp;encoding=base64&amp;data=UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA%3D%3D&amp;filename=empty.zip<\/a><\/p>\r\n\r\n<h2>Recommendation<\/h2>\r\n\r\n<p>Uninstall the plugin from Moodle&#8217;s Site Administration interface. Ensure that the uninstallation also removes the directory from the web server&#8217;s file system (such as \/var\/www\/moodle\/filter\/jmol). Using Moodle&#8217;s &#8220;Disable plugin&#8221; action does not disable the vulnerable PHP scripts, as it only removes the functionality of the plugin from the Moodle interface, but the standalone PHP scripts continue to be accessible on the web server, thus can still be exploited.<\/p>\r\n\r\n<p>Using third party components forked from other projects carries a higher risk the further the development goes from the upstream project. In addition to following the security advisories of each installed component, also follow those of the upstream projects in case their fixes are not applied to the forks in a timely manner.<\/p>\r\n\r\n<h2><o:p><\/o:p><\/h2>\r\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.<\/p>\n","protected":false},"author":1,"featured_media":8768,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[215],"class_list":["post-2944","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-researchblog","tag-vulnerabilities","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Moodle Jmol Plugin Multiple Vulnerabilities<\/title>\n<meta name=\"description\" content=\"In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Moodle Jmol Plugin Multiple Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2019-05-20T08:35:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-30T16:30:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2019\/05\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/person\\\/effca060e22bfa3cc6cd03f74a50fdb4\"},\"headline\":\"Moodle Jmol Plugin Multiple Vulnerabilities\",\"datePublished\":\"2019-05-20T08:35:41+00:00\",\"dateModified\":\"2024-01-30T16:30:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/\"},\"wordCount\":501,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1\",\"keywords\":[\"vulnerabilities\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/\",\"name\":\"Moodle Jmol Plugin Multiple Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1\",\"datePublished\":\"2019-05-20T08:35:41+00:00\",\"dateModified\":\"2024-01-30T16:30:20+00:00\",\"description\":\"In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.development-visionsharp.co.uk\\\/wp-content\\\/uploads\\\/2019\\\/05\\\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1\",\"width\":1200,\"height\":800,\"caption\":\"Moodle Jmol Plugin Multiple Vulnerabilities\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/moodle-jmol-plugin-multiple-vulnerabilities\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/homepage-usa\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Moodle Jmol Plugin Multiple Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#website\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.development-visionsharp.co.uk\\\/en-us\\\/#\\\/schema\\\/person\\\/effca060e22bfa3cc6cd03f74a50fdb4\",\"name\":\"Dionach Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Moodle Jmol Plugin Multiple Vulnerabilities","description":"In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Moodle Jmol Plugin Multiple Vulnerabilities","og_description":"In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.","og_url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2019-05-20T08:35:41+00:00","article_modified_time":"2024-01-30T16:30:20+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2019\/05\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1","type":"image\/webp"}],"author":"Dionach Admin","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Written by":"Dionach Admin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/"},"author":{"name":"Dionach Admin","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/person\/effca060e22bfa3cc6cd03f74a50fdb4"},"headline":"Moodle Jmol Plugin Multiple Vulnerabilities","datePublished":"2019-05-20T08:35:41+00:00","dateModified":"2024-01-30T16:30:20+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/"},"wordCount":501,"publisher":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#organization"},"image":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2019\/05\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1","keywords":["vulnerabilities"],"articleSection":["researchblog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/","url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/","name":"Moodle Jmol Plugin Multiple Vulnerabilities","isPartOf":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/#primaryimage"},"image":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2019\/05\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1","datePublished":"2019-05-20T08:35:41+00:00","dateModified":"2024-01-30T16:30:20+00:00","description":"In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years.","breadcrumb":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/#primaryimage","url":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2019\/05\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2019\/05\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1","width":1200,"height":800,"caption":"Moodle Jmol Plugin Multiple Vulnerabilities"},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/moodle-jmol-plugin-multiple-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/homepage-usa\/"},{"@type":"ListItem","position":2,"name":"Moodle Jmol Plugin Multiple Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#website","url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#organization","name":"Dionach","url":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/logo\/image\/","url":"https:\/\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/#\/schema\/person\/effca060e22bfa3cc6cd03f74a50fdb4","name":"Dionach Admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","caption":"Dionach Admin"}}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/dionach.development-visionsharp.co.uk\/wp-content\/uploads\/2019\/05\/cso_keys_keychain_password_management_by_smartboy10_gettyimages-940272248_abstract_binary_background_by_aleksei_derin_gettyimages-914850254_2400x1600-100802486-large.webp?fit=1200%2C800&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-Lu","_links":{"self":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts\/2944","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/comments?post=2944"}],"version-history":[{"count":0,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/posts\/2944\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/media\/8768"}],"wp:attachment":[{"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/media?parent=2944"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/categories?post=2944"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/wp-json\/wp\/v2\/tags?post=2944"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}