VYPR
Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 6, 2026

GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass

CVE-2020-37113

Description

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the intended file type checks in the exercise submission feature.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Gunet/Openeclassllm-fuzzy2 versions
    =1.7.3+ 1 more
    • (no CPE)range: =1.7.3
    • (no CPE)range: 1.7.3 (2007)

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.