VYPR

Openeclass

by Gunet

Source repositories

CVEs (26)

  • CVE-2020-37113 (Feb 3, 2026)
    risk 0.00 | cvss | epss 0.01

    GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by…

  • CVE-2020-37112 (Feb 3, 2026)
    risk 0.00 | cvss | epss 0.00

    GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive…

  • CVE-2024-38530 (Aug 12, 2024)
    risk 0.00 | cvss | epss 0.01

    The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may…

  • CVE-2024-33253 (Jun 13, 2024)
    risk 0.00 | cvss | epss 0.00

    Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

  • CVE-2021-44266 (Jun 11, 2022)
    risk 0.00 | cvss | epss 0.01

    GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.

  • CVE-2020-24381 (Aug 19, 2020)
    risk 0.00 | cvss | epss 0.01

    GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.

Page 2 of 2