Lucene search
K

50 matches found

EUVD
EUVD
added 2026/02/03 4:58 p.m.10 views

EUVD-2026-5231

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS5.4AI score0.00201EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 4:57 p.m.6 views

CVE-2026-24773 Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:57 p.m.4 views

CVE-2026-24773

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/02/03 4:57 p.m.7 views

EUVD-2026-5232

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:57 p.m.5 views

EUVD-2026-5234

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...

4.7CVSS5.8AI score0.0018EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:57 p.m.2 views

CVE-2026-24674

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...

4.7CVSS5.8AI score0.0018EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/02/03 4:56 p.m.5 views

EUVD-2026-5237

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:56 p.m.5 views

EUVD-2026-5239

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 4:56 p.m.3 views

CVE-2026-24670 Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:56 p.m.3 views

CVE-2026-24664

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

5.3CVSS5.3AI score0.0025EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/02/03 4:56 p.m.8 views

EUVD-2026-5240

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

5.3CVSS5.3AI score0.0025EPSS
Exploits1References1
EUVD
EUVD
added 2026/01/08 3:7 p.m.8 views

EUVD-2026-1672

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...

8.6CVSS7.8AI score0.03076EPSS
Exploits3References2
OSV
OSV
added 2026/01/08 3:7 p.m.10 views

CVE-2026-22241 Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...

8.6CVSS8.2AI score0.03076EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2025/02/05 9:5 a.m.7 views

CVE-2024-38530

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS7AI score0.00776EPSS
Exploits1
NVD
NVD
added 2024/08/12 3:15 p.m.33 views

CVE-2024-38530

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS0.00776EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/12 2:50 p.m.47 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS9.4AI score0.00776EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/12 2:50 p.m.37 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS0.00776EPSS
Exploits1References2
CVE
CVE
added 2024/08/12 2:50 p.m.80 views

CVE-2024-38530

CVE-2024-38530 affects the Open eClass platform (H5P module) via an arbitrary file upload in the module’s save.php, allowing unauthenticated uploads to the server filesystem. The underlying issue enables potential unrestricted remote code execution on the backend, since the upload location is int...

9.8CVSS9.4AI score0.00776EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/08/12 2:50 p.m.24 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS7.1AI score0.00776EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/08/12 12:0 a.m.5 views

Open eClass Platform 安全漏洞

Open eClass Platform is an integrated course management system for Open eClass. A security vulnerability exists in Open eClass Platform version 3.15 and earlier, which stems from an arbitrary file upload vulnerability in the save function of the H5P module that could lead to unrestricted remote...

9.8CVSS8.1AI score0.00776EPSS
Exploits1References3
Rows per page
Query Builder