Openeclass Gunet Openeclass vulnerabilities
5 known vulnerabilities affecting openeclass/gunet_openeclass.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2020-37113P2HIGHCVSS 8.8v1.7.3 (2007)2026-02-03
CVE-2020-37113 [HIGH] CWE-434 CVE-2020-37113: GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploadi
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission featur
nvd
CVE-2020-37116P3HIGHCVSS 8.8v1.7.3 (2007)2026-02-03
CVE-2020-37116 [HIGH] CWE-284 CVE-2020-37116: GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attacker
GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise.
nvd
CVE-2020-37112P3MEDIUMCVSS 6.5v1.7.32026-02-03
CVE-2020-37112 [MEDIUM] CWE-89 CVE-2020-37112: GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated atta
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
nvd
CVE-2020-37114P3MEDIUMCVSS 6.5v1.7.3 (2007)2026-02-03
CVE-2020-37114 [MEDIUM] CWE-200 CVE-2020-37114: GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive informatio
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can retrieve system info, version info, and view or download
nvd
CVE-2020-37115P4MEDIUMCVSS 4.9v1.7.3 (2007)2026-02-03
CVE-2020-37115 [MEDIUM] CWE-256 CVE-2020-37115: GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all reg
GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.
nvd