Vendor CVEs

Gunet

All CVEs

28 total · sorted by risk
  • CVE-2017-7389 · Med · Apr 1, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute…

  • CVE-2025-65734 · Med · Mar 16, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file.

  • CVE-2024-31777 · Jun 13, 2024
    risk 0.05 · cvss n/a · epss 0.04

    File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.

  • CVE-2026-22241 · Jan 8, 2026
    risk 0.03 · cvss n/a · epss 0.03

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the…

  • CVE-2026-24669 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an insecure password reset mechanism allows local attackers to reuse a valid password reset token after it has already been used, enabling unauthorized…

  • CVE-2026-24668 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged…

  • CVE-2026-24667 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, failure to invalidate active user sessions after a password change allows existing session tokens to remain valid, potentially enabling unauthorized continued…

  • CVE-2026-24666 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted endpoints allows attackers to induce authenticated teachers to perform…

  • CVE-2026-24665 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is…

  • CVE-2026-24774 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have…

  • CVE-2026-24773 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference (IDOR) vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting…

  • CVE-2026-24674 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting…

  • CVE-2026-24673 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a file upload validation bypass vulnerability allows attackers to upload files with prohibited extensions by embedding them inside ZIP archives and extracting…

  • CVE-2026-24672 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when…

  • CVE-2026-24671 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated high-privileged users (teachers or administrators) to inject malicious JavaScript into…

  • CVE-2026-24670 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This…

  • CVE-2026-24664 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior.…

  • CVE-2020-37116 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database…

  • CVE-2020-37115 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access.

  • CVE-2020-37114 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various…

  • CVE-2020-37113 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.01

    GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by…

  • CVE-2020-37112 · Feb 3, 2026
    risk 0.00 · cvss n/a · epss 0.00

    GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive…

  • CVE-2024-38530 · Aug 12, 2024
    risk 0.00 · cvss n/a · epss 0.01

    The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may…

  • CVE-2024-33253 · Jun 13, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function.

  • CVE-2022-33116 · Jun 27, 2022
    risk 0.00 · cvss n/a · epss 0.02

    An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal.

  • CVE-2021-44266 · Jun 11, 2022
    risk 0.00 · cvss n/a · epss 0.01

    GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.

  • CVE-2020-24381 · Aug 19, 2020
    risk 0.00 · cvss n/a · epss 0.01

    GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.

  • CVE-2019-9886 · Jul 11, 2019
    risk 0.00 · cvss n/a · epss 0.02

    Any URLs with download_attachment.php under templates or home folders can allow arbitrary files to be downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1.