📄 GUnet OpenEclass E-learning Remote Code Execution

GUnet OpenEclass E-learning versions prior to 4.2 suffer from a remote code execution vulnerability. Exploit Title: GUnet OpenEclass E-learning platform """ def banner: printf'''YELLOW ┏━╸╻ ╻┏━╸ ┏━┓┏━┓┏━┓┏━┓ ┏━┓┏━┓┏━┓╻ ╻╺┓ ┃ ┃┏┛┣╸ ╺━╸┏━┛┃┃┃┏━┛┣━┓╺━╸┏━┛┏━┛┏━┛┗━┫ ┃ ┗━╸┗┛ ┗━╸ ┗━╸┗━┛┗━╸┗━┛ ┗━╸┗━╸┗━╸...

GUnet OpenEclass 安全漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Versions of GUnet OpenEclass prior to version 3.13 contained security vulnerabilities. These vulnerabilities stemmed from the existence of an authenticated arbitrary file upload in the Courses/Work Assignments...

PT-2026-25769

An authenticated arbitrary file upload vulnerability in the Courses/Work Assignments module of gunet Open eClass v3.11, and fixed in v3.13, allows attackers to execute arbitrary code via uploading a crafted SVG file...

CVE-2025-65734

The CVE-2025-65734 entry concerns gunet Open eClass. An authenticated arbitrary file upload vulnerability exists in the Courses/Work Assignments module, allowing code execution via a crafted SVG file. Affected version v3.11; fixed in v3.13. The issue requires authentication and uses a crafted SVG...

EUVD-2020-30981

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can...

CVE-2020-37113

GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a web shell and execute arbitrary code on the server. This vulnerability enables remote code execution by bypassing the...

GUnet OpenEclass 信息泄露漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a vulnerability related to information leakage. This vulnerability stems from improper access control and information exposure, potentially allowing unauthorized acces...

GUnet OpenEclass 代码问题漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a code vulnerability that allows for bypassing file extension restrictions when uploading PHP files, potentially leading to remote code execution...

GUnet OpenEclass 安全漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a security vulnerability. This vulnerability stems from the storage of user credentials in plaintext, which may lead to credential leakage and unauthorized access...

GUnet OpenEclass SQL注入漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains a SQL injection vulnerability. This vulnerability stems from multiple SQL injection points in the agenda module and other endpoints, which could allow authenticated...

PT-2026-5860

GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential theft and unauthorized access...

GUnet OpenEclass 访问控制错误漏洞

GUnet OpenEclass is a learning management system developed by the Greek company GUnet. Version 1.7.3 of GUnet OpenEclass contains an access control vulnerability. This vulnerability stems from the default inclusion of phpMyAdmin 2.10.0.2, which may allow attackers to obtain MySQL passwords and ga...

PT-2026-5857

Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...

CVE-2020-24381

GUnet Open eClass Platform aka openeclass before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default...

EUVD-2020-17113

Malware in sbrugna...

EUVD-2022-36169

Malicious code in bioql PyPI...

CVE-2022-33116

An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform aka openeclass v3.12.4 and below allows attackers to read arbitrary files via a directory traversal...

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...

CVE-2024-33253

Cross-site scripting XSS vulnerability in GUnet OpenEclass E-learning Platform version 3.15 and before allows a authenticated privileged attacker to execute arbitrary code via the title and description fields of the badge template editing function...