71 matches found
CVE-2024-31777
File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint...
CVE-2024-33253
Cross-site scripting (XSS) vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows an authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...
PT-2024-25170 · Gunet · Gunet Openeclass E-Learning Platform
Name of the Vulnerable Software and Affected Versions: GUnet OpenEclass E-learning Platform versions 3.15 and before Description: The issue is a cross-site scripting XSS vulnerability that allows an authenticated privileged attacker to execute arbitrary code. This can be achieved via the title an...
OpenEclass E-learning Platform Security Vulnerability
OpenEclass E-learning Platform is an integrated course management system from Open Eclass open source. A security vulnerability exists in OpenEclass E-learning Platform version 3.15 and earlier. An attacker exploited the vulnerability to execute arbitrary code via the title and description fields...
CVE-2024-33253
OpenEclass OpenEclass E-learning Platform (GUnet)
CVE-2024-31777
CVE-2024-31777 is a file-upload vulnerability in OpenEclass (GUnet OpenEclass E-learning) affecting version 3.15 and earlier. The issue allows an attacker to execute arbitrary code by uploading a crafted file to the certbadge.php endpoint, enabling remote code execution with the ability to write/...
GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload
Exploit Title: GUnet OpenEclass E-learning platform 3.15 - 'certbadge.php' Unrestricted File Upload Date: 2024-02-04 Exploit Author: Georgios Tsimpidas Vendor Homepage: https://www.openeclass.org/ Software Link: https://download.openeclass.org/files/3.15/ Version: 3.15 2024 Tested on: Debian Kali...
Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass
CVE-2024-31777 | GUnet OpenEclass E-learning platform Unrestri...
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution Exploit
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution. import requests import argparse import zipfile import os import sys RED = '\033[91m' GREEN = '\033[92m' YELLOW = '\033[93m' RESET =...
CVE-2021-44266
GUnet Open eClass aka openeclass before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter...
Cross-Site Request Forgery (CSRF) in gunet/openeclass
Description No CSRF is provided when deleting messages. Proof of Concept The attacker could delete a specific message as they are generated consecutively and brute forcing it. history.pushState('', '', '/') or they could just delete all the messages: history.pushState('', '', '/') Impact Combining thi...
Cross-Site Request Forgery (CSRF) in gunet/openeclass
Description An attacker is able to log out a user if a logged-in user visits the attacker's website. Proof of Concept history.pushState('', '', '/') document.forms[0].submit(); Impact This vulnerability is capable of forging users to unintentional logout. More details One way GET could be abused here i...
Cross-Site Request Forgery (CSRF) in gunet/openeclass
Description Missing CSRF token on all form POST actions in the application Proof of Concept // CSRF PoC history.pushState('', '', '/') Impact With CSRF attack, the attacker can perform operations to add, edit, and delete data on the application through the victim...