Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Mar 5, 2026
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
CVE-2020-37112
Description
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information using error-based or time-based injection techniques.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2=1.7.3+ 1 more
- (no CPE)range: =1.7.3
- (no CPE)range: 1.7.3
Patches
Vulnerability mechanics
References
4- download.openeclass.org/files/docs/1.7/CHANGES.txtmitrepatch
- www.exploit-db.com/exploits/48163mitreexploit
- www.vulncheck.com/advisories/gunet-openeclass-e-learning-platform-month-sql-injectionmitrethird-party-advisory
- www.openeclass.orgmitreproduct
News mentions
0No linked articles in our index yet.