221 matches found
CVE-2020-24381
GUnet Open eClass Platform (openeclass) prior to 3.11 is vulnerable to reading submitted assessments due to directory listing not being blocked and the data directory being inside the web root. This could allow remote attackers to access student submissions. The affected product/version is public...
CVE-2020-24381
GUnet Open eClass Platform aka openeclass before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default...
eClass platform SQL Injection Vulnerability
eClass platform is an open source course management system organized by GUnet Greece. A SQL injection vulnerability exists in versions of eClass platform prior to ip.2.5.10.2.1. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications. ...
CVE-2019-9884
eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...
CVE-2019-9885
eClass platform ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter...
Design/Logic Flaw
eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...
Sql injection
eClass platform ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter...
CVE-2019-9884 eClass platform contains a Broken Access Control vulnerability
eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...
CVE-2019-9884
CVE-2019-9884 affects the eClass platform (version
CVE-2019-9885 eClass platform contains a SQL injection vulnerability
eClass platform ip.2.5.10.2.1 allows an attacker to execute SQL command via /admin/academic/studenview_left.php StudentID parameter...
CVE-2019-9885
CVE-2019-9885 affects eClass platform prior to ip.2.5.10.2.1. The vulnerability is a SQL injection in the /admin/academic/studenview_left.php?StudentID parameter, caused by insufficient input validation in the web application. Exploitation would allow an attacker to execute arbitrary SQL commands...
CVE-2019-9886
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1...
Design/Logic Flaw
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1...
CVE-2019-9886 eClass platform allows user to download arbitrary files without authentication
Any URLs with download_attachment.php under templates or home folders can allow arbitrary files downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1...
CVE-2019-9886
CVE-2019-9886 affects BroadLearning eClass up to version ip.2.5.10.2.1, where arbitrary files can be downloaded without authentication via URLs containing download_attachment.php under templates or home folders. Root cause/impact: unauthenticated access to sensitive files (no login required). Pub...
Open eClass Cross-Site Scripting Vulnerability
Open eClass, formerly known as GUnet eClass, is a complete course management system from the Greek company Open eClass. The system supports storing and presenting educational materials and asynchronous e-learning services, among others. A cross-site scripting vulnerability exists in Open eClass...
GLSA-200803-30 : ssl-cert eclass: Certificate disclosure
The remote host is affected by the vulnerability described in GLSA-200803-30 (ssl-cert eclass: Certificate disclosure). Robin Johnson reported that the docert function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as src_compile or src_install, which will resul...