221 matches found
eClass LMS 6.2.0 Shell Upload
==================================================================================================================================== | Title : eClass LMS v6.2.0 shell upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | | Vendo...
eClass LMS 6.2.0 Insecure Settings / Shell Upload
==================================================================================================================================== | Title : eClass LMS v6.2.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64 bits | |...
CVE-2024-38530
The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...
CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"
The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...
CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"
The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...
CVE-2024-38530
CVE-2024-38530 affects the Open eClass platform (H5P module) via an arbitrary file upload in the module’s save.php, allowing unauthenticated uploads to the server filesystem. The underlying issue enables potential unrestricted remote code execution on the backend, since the upload location is int...
CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"
The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...
Open eClass Platform 安全漏洞
Open eClass Platform is an integrated course management system for Open eClass. A security vulnerability exists in Open eClass Platform version 3.15 and earlier, which stems from an arbitrary file upload vulnerability in the save function of the H5P module that could lead to unrestricted remote...
PT-2024-28056 · H5P +1 · H5P +1
Name of the Vulnerable Software and Affected Versions: Open eClass versions prior to 3.16 Description: The Open eClass platform, a complete Course Management System, contains an arbitrary file upload vulnerability in the "save" functionality of the H5P module. This vulnerability enables...
PT-2024-24202 · Unknown · Open Eclass
Name of the Vulnerable Software and Affected Versions: openclass versions 3.15 and earlier Description: The issue allows an attacker to execute arbitrary code via a crafted file to the "certbadge.php" endpoint. This enables the attacker to potentially gain control over the system. Recommendations...
Open eClass Platform 权限许可和访问控制问题漏洞
Open eClass Platform is an integrated course management system for Open eClass. A privilege permission and access control issue vulnerability exists in Open eClass Platform version 3.15. An attacker can exploit this vulnerability to execute arbitrary commands...
GUnet OpenEclass E-learning 3.15 File Upload / Command Execution
import requests import argparse import zipfile import os import sys RED = '\03391m' GREEN = '\03392m' YELLOW = '\03393m' RESET = '\0330m' ORANGE = '\03338;5;208m' MALICIOUSPAYLOAD = """\ """ def banner: printf'''RED YELLOW ============================ Author: Frey ============================...
Exploit for Unrestricted Upload of File with Dangerous Type in Openeclass
Open eClass RCE Exploit Tool This tool is designed to exploit...
CVE-2024-26503
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint...
CVE-2024-26503
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint...
CVE-2024-26503
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint...
PT-2024-21409 · Greek Universities Network · Open Eclass
Name of the Vulnerable Software and Affected Versions: Greek Universities Network Open eClass versions 3.15 and earlier Description: The issue allows attackers to run arbitrary code via the upload of a crafted file to the "certbadge.php" endpoint. This enables potential exploitation for malicious...
Open eClass Platform Security Vulnerability
Open eClass Platform is an integrated course management system for Open eClass. A security vulnerability exists in Greek Universities Network Open eClass v.3.15 and earlier versions, which originates from a vulnerability that allows an attacker to run arbitrary code by uploading a crafted file to...
CVE-2024-26503
Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint...
CVE-2024-26503
The CVE-2024-26503 entry concerns Unrestricted File Upload in Greek Universities Network Open eClass v3.15 and earlier, enabling remote code execution by uploading a crafted file to certbadge.php. Affected component: certbadge.php upload handling in Open eClass platforms. Impact: attacker can run...