8 matches found
CVE-2026-24670
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
CVE-2026-24670
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
EUVD-2026-5239
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
PT-2026-6202
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. A broken access control issue permits authenticated students to create new course units, a function...
Open eClass 访问控制错误漏洞
Open eClass is an e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a security vulnerability related to access control. This vulnerability resulted from improper access control mechanisms, which could allow authenticated students to...
CVE-2016-10400
Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/core/courses/users/createcourse.php. The attacker can read an arbitrary file by visiting getcourseicon.php?id= after the traversal attack...
Atutor Cross-Site Request Forgery Vulnerability
ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. A cross-site request forgery vulnerability exists in the /createcourse.php page in ATutor version 2.2.2,...
Atutor Arbitrary File Disclosure Vulnerability
ATutor is ATutor team developed a set of open source Web-based learning content management system . An arbitrary file disclosure vulnerability exists in Atutor. When saving data information, due to the "icon" HTTP POST passed to the "/mods/core/courses/users/createcourse.php" script, which fails ...