Openeclass
by Gunet
Source repositories
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-37113 | 0.00 | — | 0.01 | Feb 3, 2026 | GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by… | |||
| CVE-2020-37112 | 0.00 | — | 0.00 | Feb 3, 2026 | GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive… | |||
| CVE-2024-38530 | 0.00 | — | 0.01 | Aug 12, 2024 | The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may… | |||
| CVE-2024-33253 | 0.00 | — | 0.00 | Jun 13, 2024 | Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function. | |||
| CVE-2021-44266 | 0.00 | — | 0.01 | Jun 11, 2022 | GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | |||
| CVE-2020-24381 | 0.00 | — | 0.01 | Aug 19, 2020 | GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default. |
- CVE-2020-37113Feb 3, 2026risk 0.00cvss —epss 0.01
GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by…
- CVE-2020-37112Feb 3, 2026risk 0.00cvss —epss 0.00
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive…
- CVE-2024-38530Aug 12, 2024risk 0.00cvss —epss 0.01
The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may…
- CVE-2024-33253Jun 13, 2024risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.
- CVE-2021-44266Jun 11, 2022risk 0.00cvss —epss 0.01
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.
- CVE-2020-24381Aug 19, 2020risk 0.00cvss —epss 0.01
GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.
Page 2 of 2